This policy outlines a set of procedures for IT system access and re-certification. It establishes the standards and procedures for maintaining proper system access security at a company. It addresses the definition of process owners, user access rights, reports, and the responsibilities of process owners; adds, changes and deletions of employees’ system access rights; and annual review of access and segregation of duties and approval by the process owners.
This document affects all system access to the system production system. The applicable documents attached in the appendix include a system access request form, system responsibility with functions and users’ report, and system functions by user and by responsibility report.