Access Control

Last updated on May 25, 2020

To maintain the confidentiality, availability, and integrity of data, organizations should have proper logical access controls in place. Meaning the right person has access to the right data, and at the right time. Logical access controls should ensure appropriate segregation of conflicting duties; one person should not be able to initiate a transaction, authorize, and approve the transaction. Additionally, sensitive data should be protected by added levels of control (i.e. Multi-Factor Authentication).

Expert Opinion - Logical Access Control

Control Objective

Policy is documented, followed, reviewed, and updated regularly
Address onboarding, off-boarding, transition between roles, regular access reviews, limit and control use of administrator privileges, and inactivity timeouts
Employees/contractors/vendors should be provided only with the access they are authorized to use
Conflicting duties and areas of responsibility must be identified and segregated to reduce incidents of fraud and other abuse (separation of duties)
Multi-factor authentication is required for access to sensitive data from untrusted networks
System accounts unable to use multi-factor must leverage strong authentication (e.g.. password aging, length/complexity, history).

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Access Control

Expert Opinion - Logical Access Control

Control Objective