Professional Documents
Culture Documents
ACPL-ISMS-C8.2 Privileged Access Rights Policy
ACPL-ISMS-C8.2 Privileged Access Rights Policy
Document ID ACPL-ISMS-C8.2
Document Classification Internal
Issue Date (effective from) 01.12.2023
Version No 1.0
Latest Review Date 01.12.2023
1. Control statement:
The allocation and use of privileged access rights should be restricted and managed.
2. Purpose:
To ensure only authorized users, software components and services are provided with privileged access rights.
3. Scope:
This procedure covers the control of privileged access right for physical and logical controls .
4. Procedure:
The allocation of privileged access rights has been in accordance with the access control policy.
a) Identifying users who need privileged access rights for each system or process (e.g. operating systems,
database management systems and applications);
e) Making the users aware of their privileged access rights and when they are in privileged access mode.
f) Authentication requirements for privileged access rights can be higher than the requirements for normal access
rights.
h) Granting temporary privileged access just for the time window necessary to implement approved changes or
activities e.g. Maintenance activities or some critical changes
j) Not sharing or linking identities with privileged access rights to multiple persons, assigning each person a
separate identity which allows assigning specific privileged access rights.
k) Only using identities with privileged access rights for undertaking administrative tasks and not for day-to-day
general tasks i.e. checking email, accessing the web etc.
Doc ID: ACPL-ISMS-C8.2 Version 1.0 Last Rev. Date: 01.12.2023 Page 2 of 3
This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.
Privileged access rights Policy
5. Reference:
6. Revision History
Doc ID: ACPL-ISMS-C8.2 Version 1.0 Last Rev. Date: 01.12.2023 Page 3 of 3
This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.