SarbanesOxleyFocus.com

December 13, 2008

Sample Access Control Policy Statements

Filed under: policy, sarbanes oxley, template — admin @ 4:00 pm

Below sample access control policy statements that can be used for your company or IT department policy:

  • Data access will be restricted to those with a need to know, denying access to the data by all others. The business units will determine need to know for all employees.
  • All possible control measures will be applied for maintaining the reliability and accuracy of published and nonpublished information without conflicting with read-only rights.
  • Personal medical information will be managed for control of access in conformance with HIPAA regulations.
  • Directory-enabled access controls will be used for all applications capable of integration with our service directory architecture either through standard LDAP API or custom coding.
  • Finite access controls restricting access to by-name access rights will be used for all financial databases, spreadsheets, and reports.

Security Controls for Sarbanes-Oxley Section 404 IT Compliance 2006, Dennis Brewer

Popularity: 20% [?]

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • StumbleUpon
  • Digg
  • del.icio.us
  • Technorati
  • Sphinn
  • Facebook
  • Mixx
  • Google
  • blinkbits
  • BlinkList
  • NewsVine

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress