42 lines
1.7 KiB
YAML
PolicyTitle: Application access policy
RelevantStandardArticles:
  - ISO27001:2022:5.15
  - ISO27001:2022:5.18
VersionControl:
  VersionNumber: '3.14'
  VersionDate: '2024-12-15'
  DocumentOwner: Alex Hanover
  ApprovedBy: Marian Faithful
  ApprovedDate: '2025-01-08'
  NextReview: '2025-12-15'
Purpose:
  Goal: To protect classified data from unauthorized access
  Scope: All applications in use within the organization
  RisksMitigated: Unauthorized access to classified data
  ControlsImplemented:
    - ISO27001:2022:5.15
    - ISO27001:2022:5.18
Method:
  Implementation: To mitigate the risk of X, controls A, B and C will be implemented
    on asset Y by Responsible Z. The effectiveness will be measured through P and
    will be evaluated by Q according to method R, following planning S.
  Metrics: Number of users with unjustly granted access to each application, compared
    to the necessary access following from the Job Framework
  Measurement: The number of users with unjust access will be determined each quarter
    by HR, based on the current access matrix delivered by IT
  Evaluation: The effectiveness of the control will be evaluated quarterly by the
    Compliance Officer in a meeting with HR and IT
ReviewsAndChanges:
  Review: This policy will be reviewed yearly or if relevant and significant changes
    occur in the organization, in a meeting with the CISO, COO and Compliance Officer
  Changes: Changes to this policy will be prepared by the policy owner and proposed to the CISO.
Responsibilities:
  PolicyWriting: IT consultant
  PolicyApproval: CISO
  Implementation: IT Administration dept.
Documentation:
  PolicyDocuments: []
  ProcedureDescriptions: []
  ProofExecution: []
  MeasurementReports: []
  EvaluationReports: []