Itilso0102 access management process

Page 1

Access Management Process

Implementation Guidance (this section must be removed from final version of the document)

Purpose of this document This document sets out the access management process including flowchart, activities, reporting and roles and responsibilities.

Areas of the ITIL® Framework addressed The following areas of the ITIL Framework are addressed by this document: Service Operation – Access Management

General Guidance The control of access to systems and services is a vital element of effective security and one which is often the source of publicized breaches. It is important to have a clear, defined process for user creation and access rights amendment which is audited on a regular basis. Many organizations also fail to review who has access to which systems (and their level of access) resulting in a form of “access creep” where employees collect access rights as they move from role to role. It is well worth spending a significant amount of time up front to put an accurate, role-based security framework in place and then ensuring that this is placed under strict change management. For some application systems the definition of roles and authorities is a specialized skill which may require external resource to get right.

Review Frequency We would recommend that this document is reviewed annually.

Toolkit Version Number ITIL® 2011 Service Operation Process and Policy Pack Version 1 ©CertiKit 2015.

Acknowledgements ITIL is a registered trade mark of AXELOS Limited.

Version 1

Page 1 of 35

Insert date Powered by CertiKit


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.