+ORP.4.A16 Policies for Data and System Access Control [IT Operation Department] (S)

1. Overview

ORP.4.A16 Policies for Data and System Access Control [IT Operation Department] (S)

A policy for data and system access control SHOULD be drawn up for IT systems, IT components, and data networks. Standard rights profiles that correspond to employees' roles and tasks SHOULD be used. A data access rule SHOULD be established in writing for every IT system and IT application.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022