Turvallisuusalue - Pääsyoikeuksien ja avaintenhallinnan menettelyt

Avaustunnisteet annetaan mahdollisimman harvoille henkilöille ja henkilöt osaavat numeroyhdistelmät ulkoa.

The organisation must define procedures and roles for access rights and key management in the area. Access to the area can be restricted either mechanically, electronically or based on personal identification. A responsible person shall be appointed for the area to manage the access rights and key management procedures. Spare keys for the area shall be stored securely and locked in a sealed storage envelope with a date of closure and receipt or, alternatively, in a key cabinet connected to an access control system. Keys shall be handed over in connection with the job and against receipt. The procedure is described in the security management guidelines. Access to the area is not permitted with a master key suitable for a lower level facility.

A responsible person has been appointed to ensure the following access rights and key management procedures are in place.

• Access rights and key management procedures and roles are established, documented and instructed.
• A list of access rights and key holders is maintained.
• Access rights are regularly audited and kept up to date.
• responsibility for additional orders and changes to keys and access codes is assigned.
• key cards, unallocated keys and access codes are stored appropriately.
• the reason for key issuance is documented.
• keys are issued only to the person with independent access rights to the area.
• changes in personnel are communicated to the key management authority as appropriate.