Showing posts with the label Unauthorized Access

ISO 27001 Annex : A.9.2 User Access Management

ISO 27001 Annex : A.9.2 User Access Management. Its objective is to ensure approved user access and avoid unauthorized access to systems and facilities.

A.9.2.1 User registration and de-registration

Control- In order to allow the assignment of access rights, a systematic process of user registration and de-registration should be enforced.

Implementation guidance- The process to manage user IDs should include:
- Using unique user IDs so that users are linked to and held accountable for their actions; use of shared IDs should only be permitted where they are required for business or operational purposes and should be authorized and documented.
- Immediately disabling or deleting user IDs of people that have left the organization.
- Periodically identifying and deleting or disabling redundant user IDs.
- Making sure that other users do not receive redundant user IDs.

Related Product : ISO 27001 Lead Auditor Training And Certific...