Individuals receive only the minimum number of authorisations required for their role and purpose in the processing activities.
Authorisations are given only for the period in which the activities take place.
Preferably these are given based on a role and not attached to individuals.
Specification
An IST/SOLL control is performed and approved by the process owner.
ISO 27001 & 27002:2022
A5.2, A5.3, A5.4, A5.15, A5.16, A5.17, A5.18, A6.5, A8.2, A8.3, A8.4, A8.5
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
ID.02 Access rights administration
OR.02 Segregation of duties