Access Provisioning Process

Establish the access provisioning process for assigning and revoking access rights granted to Information Asset or Information System

Scope

This Process applies to all, including but not limiting Employees, Third-parties, servers, network devices, external storage media, applications, that contain or transmit Corporate Group’s information.

This Process applies throughout the Corporate Group as part of the information security management system framework.

Process Diagram

Access Provisioning Process Diagram

Procedures of Process

#
Procedure
Description
Result
Responsible
Time limits

1

Fill-in Access Request Form

Access Request Form is filled-in in Ticketing Platform. Information Asset, modification type (grant or remove access), and to whom modification is needed must be filled-in.

Filled-in Access Request Form

Requestor

When needed

2

Access Modification

Access to Requestor is modified according to Access Request form if approved by Supervisor and Information Asset owner.

Access modified

Administrator

In 2 days after Information Asset approval

3

Notify Requestor

Requestor is notified with an access request rejection message from Ticketing Platform when access request is not approved.

Requestor is notified with access provision message from Ticketing Platform when access request is approved and modified.

Administrator may send additional messages with credentials or other information using the Corporate Group’s communication tools. | Notified Requestor | Ticketing Platform / Administrator | Immediately after rejection or modification of access |

Review

This Process is maintained in accordance with the Information Security Policy.

Revision History

Version
Author
Approved By
Revision date
Approval date

0.1

GK

2023-05-20

2023-05-23

0.2

DM

2023-11-02

2023-11-02

0.3

GK

DM

2024-09-10

2024-09-10

PreviousAccess Control PolicyNextAccess Review Process

Last updated