Access Control Policy
27 March 2024 Update: This document has been updated with a cross reference to the new Confidential Information Policy.
This Access Control Policy is an IT policy template designed to set out the measures to be taken by a business (and its employees/contractors etc.) with respect to the control of access (both electronic and physical) to its IT systems.
This IT policy is designed to be used in conjunction with the IT Security Policy, which covers a range of IT security issues and includes cross references to this document and other relevant policies. If desired, the IT Security Policy contains shorter, simpler provisions on access control, which can be used instead of this separate document.
Key sections in this Access Control Policy deal with electronic access control, password and device security, and physical access control.
Electronic access control covers user accounts and levels of access privileges. To help protect IT systems and data, the policy employs the principle of “least privilege”, meaning that users should only be granted the level of access that is required to perform their job role. Other key points under this heading include reviews, suspensions, deletions, and modifications of and to accounts.
The section on password and device security covers a range of related issues including strong password requirements, prohibitions on password sharing, security through the automatic activation of screensavers and/or device locking/sleeping and forgotten passwords.
Physical access control deals with hardware, including measures such as locking rooms containing IT systems, and limiting access to servers and other infrastructure using smart cards and coded locks.
Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.
This Access Control Policy contains the following sections:
1. Introduction
2. Scope and Key Principles
3. Electronic Access Control
4. Password and Device Security
5. Physical Access Control
6. Reporting IT Security Breaches
7. Policy Review
8. Implementation of Policy
This Access Control Policy is unlocked and in .doc format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.
Access Control Policy is part of Business Documents. Just £35.00 + VAT provides unlimited downloads from Business Documents for 1 year.