School
Date
Purpose:
The purpose of this access control policy is to provide standards and limitations as well as
identify staff or people inside the organization of Richman Investments who can have access to
the company’s systems and applications. With this access control policy, it is hoped that
unauthorized access that will result in the possible financial loss, breach of privacy data, loss of
confidence of both partners and customers, and failure to comply with the requirements of the
Policy Statement:
The organization shall implement the following policies in terms of accessing the
company’s systems, applications, and data both from the
Richman Investments needs to identify specific people who will be able to access the
implementing this scheme. With the implementation of group policy, it is ensured that the
The permission and access level of each member of a group or individual will be dependent on
their role in the organization. With this scheme, it is ensured that people who do not need to
access certain data to complete their jobs would not be granted access.
The tendency is that the higher the role of an individual in the organization, the more
access rights he has compared to members of an organization whose role is specific to a certain area
only. For example, a cashier could only have access to the application concerning the payment of
fees, while the finance manager could have access to the whole application that is relevant to
Role-based access should be implemented and it should be ensured that the users are
granted access to the company’s computers, apps, and data because their role in the organization
requires that access and it is mandatory in the execution of their assigned duties and
responsibilities.
Besides, the company must ensure that the employees themselves are prohibited from
2. Identification
After identifying the access rights of certain individuals and groups of the organization,
the next concern is how to identify each of the users to ensure that only the data that they should
have access to will be viewed by them. For this, the most common and practical implementation
is through the use of a userID, a login password, and a PIN. The account variety should have
3. Authentication
Authentication is one of the core elements of the access policy. An authentication process that is
during registration is used to authenticate the access of the user. A password or passphrase,
token, key card, and secret words are just some of the possible ways to enforce better security.
4. Accountability
laws and their conditions should be well spelled out in the policy as well as the possible
The access policy should make sure that any changes in the approved policy are
properly documented and smoothly implemented with prior information to all concerned.