Can anyone assist by sharing their organisation's policy / procedure on the
authorisation of access and access levels to IT networks/ systems.
I have been asked to produce one as a standard for my organisation and
although I know policies I am not a "techie" and don't know what is
involved. I have produced a straightforward process map of the steps from
originating request to receipt at IT, but am stuck on the actual policy.
This may not seem like a DPA request , but it has stemmed from
inappropriate access and subsequent disclosure of personal data.
Trolling the web has left me none the wiser.
Any help, tips would be gratefully appreciated.
Moira
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|