Name

School

Date

Richman Investments Access Control Policy

Effectivity Date: January 30, 2021

Purpose:

The purpose of this access control policy is to provide standards and limitations, and to identify the staff or people inside Richman Investments who can have access to the company’s systems and applications. This policy is intended to prevent unauthorized access that could result in financial loss, breach of private data, loss of confidence of both partners and customers, and failure to comply with the requirements of HIPAA.

Policy Statement:

The organization shall implement the following policies for accessing the company’s systems, applications, and data, both from the organization and from its clients.


1. Authorization

Richman Investments needs to identify specific people who will be able to access the company’s computers and network resources.

A group membership policy or an authority-level policy will be a good way of implementing this scheme. Implementing group policy ensures that the administrator can assign different privileges to different groups of individuals. The permission and access level of each member of a group, or of each individual, will depend on their role in the organization. This scheme ensures that people who do not need access to certain data to complete their jobs are not granted that access.

The tendency is that the higher the role of an individual in the organization, the more access rights he has compared to members of the organization whose role is specific to a certain area only. For example, a cashier could only have access to the application concerning the payment of fees, while the finance manager could have access to the whole application that is relevant to the concerns of the finance department.

Role-based access should be implemented, and it should be ensured that users are granted access to the company’s computers, apps, and data because their role in the organization requires that access and it is mandatory in the execution of their assigned duties and responsibilities.

Besides, the company must ensure that employees are prohibited from granting themselves access rights.

2. Identification

After identifying the access rights of certain individuals and groups of the organization, the next concern is how to identify each of the users to ensure that they view only the data they should have access to. For this, the most common and practical implementation is through the use of a user ID, a login password, and a PIN. The account type should have been identified during the registration of the user.

3. Authentication

Authentication is one of the core elements of the access policy. A secure authentication process needs to be implemented. To do this, a combination of the information entered during registration is usually used to authenticate the user's access. A password or passphrase, token, key card, and secret words are just some of the possible ways to enforce better security.

4. Accountability

Richman Investments should properly spell out and lay out the corresponding accountabilities of concerned people regardless of their positions in the organization. Applicable laws and their conditions should be well spelled out in the policy, as well as the possible sanctions when the provisions are not followed.

Changes in the Policy

The access policy should ensure that any changes to the approved policy are properly documented and smoothly implemented, with all concerned informed beforehand.