2 | A.9 Access Control | A.9.2 User Access Management | To ensure authorized user access and to prevent unauthorized access to systems and services | A.9.2.1
3 | A.9 Access Control | A.9.2 User Access Management | To ensure authorized user access and to prevent unauthorized access to systems and services | A.9.2.1
9 | A.9 Access Control | A.9.2 User Access Management | To ensure authorized user access and to prevent unauthorized access to systems and services | A.9.2.3
12 | A.9 Access Control | A.9.4 System and Application Access Control | To prevent unauthorized access to systems and applications | A.9.4.2
32 | A.14 System acquisition, development and maintenance | A.14.2 Security in development and support processes | To ensure that information security is designed and implemented within the development lifecycle of information systems | A.14.2.2
Gaps Identified
2. Old unused user IDs are reused by assigning them to new users. (MES Vijaynagar)
4. Learnings and user manuals are not documented (MES Vijay Nagar, ValueApps)
Recommendation
2. Old unused user IDs should not be reused by assigning them to new users. (MES Vijaynagar)
4. Learnings and user manuals are documented during the course of SDLC.
Target Date Status
30-Sep-21
Open
Open
Open
15-Oct-21
Open
10-Oct-21
Open
Commercials
No
Yes
No
Yes
Comments
User access management policy to be enhanced to stop the reuse of unused user accounts for new users during the creation of user accounts.
Introduce a DB user and user ID mapping table in SPTS to ensure unique user IDs.
Allocated privileged (application admin) access report to be generated from each MES application.
Login screen to have static content on JSW confidential message. Show last login details in MES applications.
Exceptional apps are CRM2 MES, BRM2 MES.
Learnings are added in MSP where minimum details are added. Document to be maintained along with project docs.
User manual:
Option 1: Technical writer is required to prepare an exhaustive user manual, which will be placed in the respective project folder for the longer run.
KPMG Comments
AD Authentication
IDAM Implementation
Y (Only in SPTS)
Y (changing user IDs)
Y (User Access Report)
Y (Login Screen Changes)
Y (User Manuals)
Security Management Team
DBA Points
Y (new role as technical writer)