Content library
Julkri: TL IV-I
TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuus

How to fill the requirement

Julkri: TL IV-I

TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuus

Task name
Priority
Status
Theme
Policy
Other requirements
Regular reviewing of data system access rights
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Access control and authentication
requirements

Task is fulfilling also these other security requirements

I06: Pääsyoikeuksien hallinnointi
Katakri
16 §: Tietojärjestelmien käyttöoikeuksien hallinta
TiHL
24. Responsibility of the controller
GDPR
32. Security of processing
GDPR
5. Principles relating to processing of personal data
GDPR
1. Task description

Data system owner determines the access roles to the system in relation to the tasks of users. The compliance of the actual access rights with the planned ones must be monitored and the rights reassessed at regular intervals.

When reviewing access rights, care must also be taken to minimize admin rights and eliminate unnecessary accounts.

Instructions for reporting changes affecting access rights
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Access control and authentication
requirements

Task is fulfilling also these other security requirements

I06: Pääsyoikeuksien hallinnointi
Katakri
9.2.6: Removal or adjustment of access rights
ISO27 Full
PR.AC-1: Identity and credential management
NIST
TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuus
Julkri
5.18: Access rights
ISO27k1 Full
1. Task description

Supervisors have been instructed to notify the owners of data systems in advance of significant changes in the employment relationships of subordinates, such as promotions, discounts, termination of employment or other changes in the job role.

Based on the notification, a person's access rights can be updated either from the centralized management system or from individual data systems.

Review of access right for changed employee roles
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
requirements

Task is fulfilling also these other security requirements

9.2.5: Review of user access rights
ISO27 Full
UAC-06: Managing user privileges
Cyber Essentials
HAL-15: Työskentelyn tietoturvallisuus koko palvelussuhteen ajan
Julkri
TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuus
Julkri
5.18: Access rights
ISO27k1 Full
1. Task description

In all changes on employment relationship, access rights should be reviewed in cooperation with the owners of the protected property and re-granted to the person completely when there is a significant change in the person's employment. A change can be a promotion or a change of role (e.g., moving from one unit to another).

No items found.