Regular reviewing of data system access rights

The data system owner determines the access roles for the system based on the tasks of its users. The actual access rights must be monitored for compliance with the planned ones, and the rights must be reassessed at regular intervals.

When reviewing access rights, care must also be taken to minimize admin rights and eliminate unnecessary accounts.

Other connected frameworks and requirements:
I06: Access rights administration
Chapter 4, Section 16: Management of access rights to information systems
24. Responsibility of the controller (GDPR)
32. Security of processing (GDPR)
5. Principles relating to processing of personal data (GDPR)