Purpose
Ensure least privilege and secure access to systems and data.
- Workforce uses SSO; MFA required for privileged access.
- Access is provisioned by role (RBAC) and approved by system/data owners.
- Quarterly access reviews for critical systems.
- Terminated accounts disabled within 24 hours.
- Shared accounts prohibited except approved service accounts with vaulting.
Violations may result in access revocation and disciplinary action.