9.1 Business requirements for access control:
9.1.1 User Access to the network, applications and systems will bye granted to the minimum they need to perform their duties.
9.1.2 Access to folders on the file server will be allowed only to the employee’s personal folder and his department files of relevance, upon request of the direct manager and after approval of the data owner.
9.1.3 Each request for access of non-employees of the organization to Diplomat Group’s network, applications and information, will be reviewed on by the Chief Information Security Officer after submitting a detailed application by an interested Diplomat’s manager.
9.1.4 All access to Diplomats systems and applications will be built on role-based permissions profile.
9.1.5 Any deviation from the role-based permission profile will be submitted for approval to Chief Information Security officer, and only be granted based on written instruction.