IT general controls
1. Access Controls
- Gather current user access data.
- Compare access levels with job descriptions.
- Identify any discrepancies or unauthorized access.
- Document findings and necessary adjustments.
- Communicate changes to relevant stakeholders.
- Define minimum password length and complexity requirements.
- Set up password expiration timelines.
- Educate users on creating strong passwords.
- Enforce policies through technical controls.
- Regularly assess compliance with password policies.
- Identify critical systems requiring additional security.
- Select appropriate multi-factor authentication methods.
- Implement the chosen methods across systems.
- Train users on how to use multi-factor authentication.
- Monitor and adjust as needed for effectiveness.
- Establish criteria for account inactivity.
- Schedule regular reviews of user accounts.
- Identify and document inactive accounts.
- Disable accounts per established policies.
- Notify users of account status changes.
- Define the frequency of access reviews.
- Create a checklist for audit criteria.
- Gather access data for all users.
- Analyze data for compliance with policies.
- Report findings and recommend improvements.
Use in Manifestly