PolicyTitle: Application access policy
RelevantStandardArticles:
  - ISO27001:2022:5.15
  - ISO27001:2022:5.18
VersionControl:
  VersionNumber: '3.14'
  VersionDate: '2024-12-15'
  DocumentOwner: Alex Hanover
  ApprovedBy: Marian Faithful
  ApprovedDate: '2025-01-08'
  NextReview: '2025-12-15'
Purpose:
  Goal: To protect classified data from unauthorized access
  Scope: All applications in use within the organization
  RisksMitigated: Unauthorized access to classified data
  ControlsImplemented:
    - ISO27001:2022:5.15
    - ISO27001:2022:5.18
Method:
  Implementation: To mitigate the risk of X, controls A, B and C will be implemented on asset Y by Responsible Z. The effectiveness will be measured through P and will be evaluated by Q according to method R, following planning S.
  Metrics: Number of users with unjustly granted access to each application, compared to the necessary access following from the Job Framework
  Measurement: The number of users with unjust access will be determined each quarter by HR, based on the current access matrix delivered by IT
  Evaluation: The effectiveness of the control will be evaluated quarterly by the Compliance Officer in a meeting with HR and IT
ReviewsAndChanges:
  Review: This policy will be reviewed yearly or if relevant and significant changes occur in the organization, in a meeting with the CISO, COO and Compliance Officer
  Changes: Changes to this policy will be prepared by the policy owner and proposed to the CISO.
Responsibilities:
  PolicyWriting: IT consultant
  PolicyApproval: CISO
  Implementation: IT Administration dept.
Documentation:
  PolicyDocuments: []
  ProcedureDescriptions: []
  ProofExecution: []
  MeasurementReports: []
  EvaluationReports: []