DATA PROTECTION
User Access Audits/Reviews:
Assigned team members will complete regular audits of user access to our systems
and information. All or some users’ access will be revoked if it is determined it is no
longer needed or not required to meet job requirements.
Since system owners/managers are most familiar with team members’ specific job
responsibilities, they must also periodically review who has access to information
and/or systems and determine if access is still warranted. If access is no longer
needed or should be modified, a user access request must be submitted through our
company process within 24 business hours after it is determined the access is no
longer needed.
Non-Usage Review:
In addition to auditing user access, reviews of the last time an employee has logged
into a system or accessed information are completed to determine if continued
access is needed.
Users that have not accessed a system or information within 60 days will have their
access either removed or modified as needed. System owners/managers will be
informed as needed before access is impacted.
Employees on Leave/User Access:
If an employee is on leave for any reason, their system access must be suspended
when they are placed on leave. This includes access to company email as well as
company devices including computers, mobile devices, etc.
Access should remain off until the employee is returned to an active status if they
are returning to the same role and same responsibilities. If they are returning to a
different role or job responsibilities, a new/modified user access request should be
submitted through our company process.
When warranted and for specific business reasons, an executive leader (CEO or his
designee’s) can approve for user access to remain on while an employee is on-leave.
Requests of this nature for an executive leader (CEO or his designee’s) review are
handled through our Human Resource Department.