Access Management Policy
Catalyst desires to exhibit control over the appropriate levels of access to our resources.
This policy will govern resources and access. All users are included in the scope.
Requestors must follow established procedures for submitting access requests.
All Access Changes
All Access Changes should be documented requests using the company ticketing system and submitted according to the current company process.
Granting Access to Resources
- Access to a resource can only be granted by the defined Business Owner.
- All resource grants should have a valid business purpose and should specify a time frame for the access: indefinite or temporary.
- Access Grants should be submitted by an individual's supervisor or higher, or through a documented procedure showing supervisor approval.
Revoking Access to Resources
- Access revokes do not need Business Owner approval.
- User Departures: access to critical resources should be revoked within one business day of a voluntary termination and at the time of exit for non-voluntary terminations.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Exceptions should be well documented and approved by the SCC where possible.
Owner: Security and Compliance Committee
$Date: 2018-12-13 12:29:08 -0700 (Thu, 13 Dec 2018) $
$Revision: 472629 $