User Access Management. OneStream will:
User Access Management. The Supplier has a duty to limit access to personal data on a "need to know" basis. The Supplier is required to assess the nature of access allowed to an individual user. The Supplier agrees that individual staff members shall only have access to data which they require in order to perform their duties, prevent use of shared credentials (multiple individuals using a single username and password) and detect use of default passwords. Accesscontrol must be supported by regular reviews to ensure that all authorized access to personal data is strictlynecessary and justifiable for the performance of a function. The Supplier has policies in place regarding vetting and oversight of the staff members allocated these accounts. A staff member with similar responsibilities should have separate user and administrator accounts. Multiple independent levels of authentication may be appropriate where administrators have advanced or extra access to personal data or where they have access or control of other’s account or security data. The Supplier agrees to have strict controls on the ability to download personal data from an organization’s systems. The Supplier agrees to block such downloading by technical means (disabling drives, isolating network areas or segments, etc.). User registration and deregistration A formal process should exist to management the assignment, adjustment, and revoking of access rights, considering scenarios such as starters/leavers as well as changing of jobs internally within the organization ISO 27001 A.9.2.1 ISO 27001 A.9.2.2 ISO 27001 A.9.2.6
User Access Management. Matterport will maintain logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking/changing access promptly when employment terminates or changes in job functions occur). • Password Management. Matterport will maintain password controls designed to manage and control password strength, expiration, and usage including prohibiting users from sharing passwords. Matterport shall ensure password hardening standards are in place that align with accepted industry security frameworks to ensure sufficient controls. • Workstation Protection. Matterport will implement protections on end-user devices and monitor those devices to be in compliance with the security standard requiring screen lock timeout, malware software, firewall software, remote administration, unauthenticated file sharing, hard disk encryption and appropriate patch levels. Controls are implemented to detect and remediate workstation compliance deviations. Matterport will securely sanitize physical media intended for reuse prior to such reuse and will destroy physical media not intended for reuse. • Media Handling. Matterport will implement protections to secure portable storage media from damage, destruction, theft or unauthorized copying and the personal data stored on portable media through encryption and secure removal of data when it is no longer needed. Additional similar measures will be implemented for mobile computing devices to protect personal data.
User Access Management. To protect against unauthorized access or misuse of Confidential Information residing on Supplier Information Processing Systems, Supplier will:
User Access Management. Alteryx implements access control policies to support creation, amendment, and deletion of user accounts for systems or applications storing or allowing access to Licensee Content. Alteryx’s user account and access provisioning process assigns and revokes access rights to systems and applications, restricting access to only those Alteryx personnel and Subprocessors that require access, and solely to the extent so required, to fulfill Alteryx’s obligations under the Agreement or to comply with Applicable Law.
User Access Management. Data Processor shall ensure authorized user access only and prevent unauthorized access to systems and services. Minimum requirements:
User Access Management. 5.1.1 Management of Client and Avanade user accounts within Avanade systems shall follow Avanade's corporate access control procedures. X X
User Access Management. Access to Company is controlled through a formal user registration process beginning with a formal notification from HR or from a line manager. • Each user is identified by a unique user ID so that users can be linked to and made responsible for their actions. The use of group IDs is only permitted where they are suitable for the work carried out. • There is a standard level of access; other services can be accessed when specifically authorized by HR/line management. • The job function of the user decides the level of access the employee has to cardholder data • A request for service must be made in writing (email or hard copy) by the newcomer’s line manager or by HR. The request is free format, but must state: Name of person making request; Job title of the newcomers and workgroup; Start date; Services required (default services are: MS Outlook, MS Office and Internet access). • Each user will be given a copy of their new user form to provide a written statement of their access rights, signed by an IT representative after their induction procedure. The user signs the form indicating that they understand the conditions of access. • Access to all the Company systems is provided by IT and can only be started after proper procedures are completed. • As soon as an individual leaves the Company employment, all his/her system logons must be immediately revoked. • As part of the employee termination process HR (or line managers in the case of contractors) will inform IT operations of all leavers and their date of leaving.
User Access Management. End User authorizes access to Confidential Information and User Data on a need-to-know basis. When the data resides physically or logically within End User- managed environments, Rebellion Training access will be subject to End User’s access management policies and procedures. End User must authorize all decisions for access to Confidential Information and User Data residing within End User-managed environments. Rebellion Training may not extend access to Confidential Information and User Data residing within End User-managed environments to third parties without prior written consent. All user accounts used to access Confidential Information and User Data must be unique and clearly associated with an individual user. Rebellion Training must ensure unique assignment of User IDs, tokens, or physical access badges provided to employee or contingent staff. Rebellion Training must ensure all user, System, service, and administrator accounts and passwords are never shared. Rebellion Training is responsible for reviewing authorization privileges assigned to its employees and contingent staff on a quarterly basis to ensure that access is appropriate for the user’s functioning role. Access authorization should follow “principles of least privilege.” Rebellion Training must ensure procedures exist for prompt modification or termination of access rights in response to organizational changes. Rebellion Training must identify and disable inactive user accounts within 10 business days. Rebellion Training must immediately notify End User in writing if a Rebellion Training employee or Rebellion Training contractor with access to End User-managed Systems terminates, no longer requires access to the End User account, or requires changes to the user account. Notification must include name and User ID of the accounts or Systems the person has access to.
User Access Management. Access to Gateway Solutions s.r.o. is controlled through a formal user registration process beginning with a formal notification from HR or from a line manager. Each user is identified by a unique user ID so that users can be linked to and made responsible for their actions. The use of group IDs is only permitted where they are suitable for the work carried out. There is a standard level of access; other services can be accessed when specifically authorized by HR/line management. The job function of the user decides the level of access the employee has to cardholder data A request for service must be made in writing (email or hard copy) by the newcomer’s line manager or by HR. The request is free format, but must state: Name of person making request; Job title of the newcomers and workgroup; Start date; Services required (default services are: MS Outlook, MS Office and Internet access). Each user will be given a copy of their new user form to provide a written statement of their access rights, signed by an IT representative after their induction procedure. The user signs the form indicating that they understand the conditions of access. Access to all Gateway Solutions s.r.o. systems is provided by IT and can only be started after proper procedures are completed. As soon as an individual leaves Gateway Solutions s.r.o. employment, all his/her system logons must be immediately revoked. As part of the employee termination process HR (or line managers in the case of contractors) will inform IT operations of all leavers and their date of leaving.
