This policy shall be reviewed by relevant stakeholders, send feedbacks and shall be approved by relevant Decision Makers and with the Final Approval of the Legal Department for Implementation.
Furthermore please check the latest BSP MORB Guidelines and Requirements to confirm the policies and procedures stated herein.
Introduction:
This policy outlines the procedures for granting remote access to IT systems and resources within the organization, including the creation of user accounts, password management, and the revocation of access. This policy is intended to ensure the confidentiality, integrity, and availability of IT systems and resources by controlling and monitoring remote access to them.
Scope: This policy applies to all employees, contractors, and other individuals who are granted remote access to the organization's IT systems and resources, including but not limited to: servers, databases, applications, and network resources.
Policy:
User account creation:
All remote access user accounts must be created and approved by the designated IT administrator or an authorized representative.
Each user account must be assigned a unique username and password, and the password must meet the organization's password complexity requirements.
Users must not share their account credentials with any other individual.
Password management:
Passwords must be changed at least every 90 days or immediately if there is a suspicion of compromise.
Passwords must not be written down or stored in plain text.
Passwords must not be easily guessable, such as using personal information or commonly used words.
Remote access revocation:
Remote access to IT systems and resources must be revoked immediately upon termination of employment or contract.
Remote access to IT systems and resources must be revoked immediately if there is a suspicion of compromise or unauthorized access.
Remote access to IT systems and resources must be reviewed and revoked as necessary on a regular basis.
Implementation:
The IT department is responsible for the implementation and enforcement of this policy.
The IT department must establish a process for the creation, management, and revocation of remote access user accounts and access to IT systems and resources.
The IT department must conduct regular audits to ensure compliance with this policy.
Enforcement:
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.
Any suspected violations of this policy must be reported to the IT department immediately.