User Account Policy
EDC Inc User Account Policy
This policy outlines the rules and guidelines for creating, managing, and terminating user and service accounts at EDC Inc. It is designed to ensure the security and integrity of our information systems and to protect the company’s assets and data.
1. Account Creation
All user and service accounts must be created in Active Directory. The IT Server Build Operations department is responsible for creating these accounts. The following guidelines must be followed:
- Each user must have a unique username and password.
- Passwords must meet the company’s password complexity requirements.
- Service accounts must be associated with a specific service and must have the minimum necessary permissions to perform their function.
- All accounts must be documented in the CMDB inventory management tool.
2. Account Management
The IT Server Operations department is responsible for managing user and service accounts. This includes regular password changes, account reviews, and access level adjustments. The following guidelines must be followed:
- Passwords must be changed every 90 days.
- Accounts must be reviewed every six months to ensure that access levels are still appropriate.
- Any changes to access levels must be approved by the IT Security Operations department and documented in the CMDB.
3. Account Termination
The IT-SOC (Incident Management) department is responsible for terminating user and service accounts. This includes when an employee leaves the company, when a service is decommissioned, or when an account is suspected of being compromised. The following guidelines must be followed:
- Accounts must be disabled immediately upon termination of employment or service.
- Accounts must be deleted from Active Directory and the CMDB within 30 days of termination.
- Any suspected compromise of an account must be reported to the IT Security Operations department immediately.
4. Exceptions
Any exceptions to this policy must be approved by the IT Security Operations department and documented in the CMDB. This includes any accounts that cannot be managed in Active Directory, any accounts that require higher than normal permissions, and any accounts that cannot be terminated within the standard timeframe.
5. Compliance
The IT Audit and Compliance department is responsible for ensuring compliance with this policy. This includes regular audits of user and service accounts, as well as enforcement of the policy’s guidelines. Any violations of this policy will be addressed by the IT Security Operations department and may result in disciplinary action.
6. Patching
Each server must be patched every 30 days, unless an “IT Exception” is approved by “IT Security”. OS patching is managed by IT Server Operations.
Summary
This User Account Policy is designed to ensure the security and integrity of EDC Inc’s information systems. By following these guidelines, we can protect our company’s assets and data, and ensure that our systems are managed in a secure and efficient manner. It is the responsibility of all employees to adhere to this policy and to report any suspected violations to the IT Security Operations department.