Purpose
eOne Solutions is committed to the correct use and management of access controls throughout the organization. The purpose of this policy is to define the steps that must be taken to ensure that users connecting to eOne Solutions resources are authenticated appropriately, in compliance with company standards, and are given the least amount of access required to perform their job function.
Scope
The scope of this policy includes all users who have access to company-owned or company-provided computers or require access to the corporate network and systems. This policy applies to employees, guests, contractors, and anyone else needing access to the corporate systems.
Policy
General rules for Access Management
- All eOne Solutions information systems must be password protected.
- All eOne Solutions information systems must be MFA protected where possible.
- All eOne Solutions information systems must have a designated information owner responsible for managing and controlling access to the system.
- All eOne Solutions information systems must have a designated system administrator. For some systems, the owner can also serve as the system administrator.
- Access to all eOne Solutions information systems and networks must be strictly controlled by formal registration and deregistration processes.
- Access to all eOne Solutions information systems must be controlled by using unique user accounts.
- A regular access review process is performed for critical systems only.
Access to Network and Network Services
- Only authorized personnel have access to network services, where they manage other necessary access and create, review, back up, and change network service configurations.
User Registration and Deregistration
- Every company employee must have their own unique user account, which serves as their identifier across the different systems, including the information that can identify them.
- Usage of an outdated user account is prohibited.
- Usage of one user account by different employees is unacceptable.
- Sharing credentials with another employee or with a person not working at eOne Solutions is prohibited.
- The Security Engineer creates new user accounts only after receiving an official request.
- The Security Engineer creates a new user or role using the user account as its name.
- When an employee leaves eOne Solutions, all their information systems, network, and project-based access must be revoked as soon as possible. The revocation is approved by the PM and carried out by a Security Engineer.
User Access Provisioning
- Password resets requested by users must only be performed after the Security Engineer has verified the employee’s identity.
- Existing users who require additional access privileges must submit an official written request.
- Access held by users who change their work responsibilities must be reviewed to determine whether the new role still requires it. If access is not needed, it will be revoked.
Management of Privileged Access Rights
- Access rights and privileges to eOne Solutions information systems must be allocated based on the user’s functions.
- The principles of zero-trust, least privilege, and need-to-know must be followed.
- Access privileges granted to users must not undermine essential segregation of duties.
- The creation of user access accounts with special privileges, such as administrators, must be controlled and restricted to only those responsible for managing or maintaining the information systems.
Review of User Access Rights
- System administrators (owners) must conduct a quarterly review of the access rights for critical systems.
Workstation Lockout
- eOne Solutions employees must lock their workstations when inactive and re-enter their password to unlock them.
- Workstations will be automatically locked after 15 minutes of inactivity via policy.
- For more information, refer to the eOne Solutions Clear Desk and Clear Screen Policy.
Password Management
- Employees are required to follow the rules for maintaining passwords securely.
- For more information, refer to the eOne Solutions Password Management Policy.
Disciplinary actions
Employees who violate this policy may face disciplinary consequences in proportion to their violation. Management will determine how severe an employee’s offense is and take the appropriate action.
Change, Review, and Update
This policy shall be reviewed once every year unless the owner considers an earlier review necessary to ensure that the policy remains current. Changes to this policy shall be exclusively performed by the Information Security Manager and approved by the IT Committee.
Responsibility
It is the responsibility of the Information Security Manager to maintain this policy and make sure everyone is aware of it.
Revisions
- 19 September 2024
- This policy will be reviewed for continued completeness, relevance, and accuracy at yearly intervals or less.
Need to contact us?
If there are any questions regarding this Access Management Policy, you may contact us using the information below.
4170 41st Avenue South, Suite 101
Fargo, ND 58104
USA
+1 888-319-3663