At GrowMore Recruitment, we prioritise the security and confidentiality of our information assets. Our Access Control Policy is designed to safeguard these assets against unauthorised access, ensuring their integrity and availability at all times. By implementing robust access controls, we protect sensitive data and maintain a secure environment for our clients, candidates, and employees. This policy outlines the principles, scope, and procedures for access control within our organisation, ensuring compliance with GDPR standards and other relevant regulations.
Objectives
The primary objectives of our Access Control Policy are to:
- Protect information assets and supporting resources from unauthorised access, modifications, and damage.
- Ensure the confidentiality, integrity, and availability of data are maintained at all times.
- Implement suitable controls to prevent loss or damage due to unauthorised activities.
Scope
This policy applies to:
- Information Assets: Data owned by GrowMore Recruitment or entrusted to us by clients, including data processed or stored at Fozzy facilities under GrowMore Recruitment accounts.
- Supporting Assets: Resources such as personnel, hardware, software, documentation, and records that support the confidentiality, integrity, and availability of information assets.
Policy
General Access Control Statements:
- Default permissions are set to “deny all,” with specific permissions granted based on the individual’s role and business needs.
- Asset Owners are responsible for authorising and recording access to their assets, with regular reviews to ensure accuracy and relevance.
- Access and privileges are revoked immediately upon an employee’s departure or the termination of a contractor’s or third-party user’s engagement.
- Protection and access levels for information assets are determined by business need, security classification, environment, and user security clearance.
User Identification and Authentication:
- All users are assigned a unique User ID for accessing authorised information assets.
- Generic User IDs and super-user accounts are prohibited unless essential.
- User IDs must be supported by strong passwords in compliance with GrowMore Recruitment’s Password Management Policy.
Remote Access Policy:
- Internal Users: Remote access is restricted to GrowMore Recruitment-owned equipment with pre-installed connection configurations. Access requests are reviewed and authorised by the asset owner.
- External Users: Remote access for external users is similarly controlled, requiring approved equipment and configurations. All connections are protected by firewalls and anti-virus software.
Termination of Remote Access Connectivity:
- Remote access is immediately revoked upon termination of an employee, contractor, or third-party user.
- The Technology Lead regularly reviews access permissions and removes access for users without a valid business need.
Responsibilities:
- The Technology Lead is responsible for reviewing, authorising, and managing access to assets, conducting regular reviews, and addressing any security incidents related to access control.
- All employees, contractors, and third-party users must comply with this Access Control Policy. Non-compliance will result in disciplinary action.
At GrowMore Recruitment, we are dedicated to maintaining robust access control measures to ensure the security of our information systems and data. By adhering to this policy, we protect our assets, support our clients, and uphold the highest standards of information security.