Access Management Policy
Catalyst desires to exhibit control over the appropriate levels of access to our resources.
This policy will govern resources and access. All users are included in the scope.
All Access Changes
All Access Changes must be documented requests using the company ticketing system and submitted according to the current company process.
Granting Access to Resources
- Access to a resource can only be granted by the defined Business Owner.
- All resource grants must have a valid business purpose and should specify a time frame for the access: indefinite or temporary.
- Access Grants are submitted by an individual's supervisor or higher, or through a documented procedure showing supervisor approval.
Revoking Access to Resources
- Access revokes do not need Business Owner approval.
- User Departures: access to critical resources must be revoked within one business day of a voluntary termination and at the time of exit for non-voluntary terminations.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Exceptions should be well documented and approved by the SCC where possible.
Owner: Security and Compliance Committee
$Date: 2018-08-13 08:10:47 -0600 (Mon, 13 Aug 2018) $
$Revision: 469664 $