Written by AIJanuary 21, 2024
Root and Administrator account policy
IT Policy Article
-
Table of Contents
EDC Inc Root and Administrator Account Policy
This policy outlines the guidelines and procedures for the management of root and administrator accounts at EDC Inc. It is designed to protect the integrity, confidentiality, and availability of our information assets and systems.
Scope
This policy applies to all EDC Inc employees, contractors, and third-party service providers who have access to systems and networks that are owned, operated, or provided by EDC Inc.
Policy
Account Creation
All root and administrator accounts must be created by the IT Server Build Operations department. The creation of these accounts must be documented in the CMDB inventory management tool.
Account Usage
Root and administrator accounts are to be used only for system maintenance, configuration, and troubleshooting. They should not be used for routine tasks. The use of these accounts must be approved by the IT Director or Manager of the respective department.
Account Access
Access to root and administrator accounts is restricted to authorized personnel only. The IT Security Operations department is responsible for managing access to these accounts. Any request for access must be approved by the IT Director or Manager of the respective department and documented in the CMDB.
Account Passwords
Passwords for root and administrator accounts must be complex and changed every 30 days. The IT Server Operations department is responsible for managing the password change process. Any exceptions to this rule must be approved by IT Security and documented as an IT Exception.
Account Auditing
All activities performed using root and administrator accounts must be logged and audited by the IT Audit and Compliance department. Any suspicious activity must be reported to the IT-SOC for incident management.
Account Deactivation
Root and administrator accounts must be deactivated when no longer needed or when the account holder leaves EDC Inc. The IT Server Operations department is responsible for deactivating these accounts. The deactivation must be documented in the CMDB.
Policy Violations
Any violation of this policy may result in disciplinary action, up to and including termination of employment. The Corporate Physical Security department is responsible for enforcing this policy.
Policy Review
This policy will be reviewed annually by the IT Audit and Compliance department. Any changes to the policy must be approved by the CAB.
Summary
The Root and Administrator Account Policy at EDC Inc is designed to protect our information assets and systems. It outlines the procedures for the creation, usage, access, password management, auditing, and deactivation of root and administrator accounts. The policy also defines the responsibilities of various departments in managing these accounts. Compliance with this policy is mandatory for all EDC Inc employees, contractors, and third-party service providers.
You may also like
Archives
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |