Security - User Rights Management in AWS Infrastructure
Last updated: 01 December 2022
Ref: 7362056a-e2f1-40c4-b919-nbnuanh7tieu
Liqvid PTE. LTD. is committed to ensuring the secure management of user rights within its AWS infrastructure. This policy outlines the guidelines and procedures that are currently in place for granting, reviewing, and revoking user rights, in accordance with ISO 27001 standard.
This policy applies to all employees, contractors, and third-party vendors who have access to Liqvid PTE. LTD.'s AWS infrastructure.
User Rights Provisioning:
a) User rights are provisioned based on the principle of least privilege, ensuring that users have the minimum level of access necessary to perform their job responsibilities.
b) User rights are provisioned by the designated AWS administrator or the designated personnel responsible for user management.
c) User requests for access to AWS infrastructure are submitted through our authorized access request process, which includes the required approvals and justification for the requested access.
User Rights Review:
a) Regular reviews of user rights are conducted to ensure that access privileges are aligned with business requirements and job roles.
b) User rights reviews are performed at least annually or whenever there are changes in job roles or responsibilities.
c) User rights reviews involve collaboration between the AWS administrator and the respective department managers to validate access requirements and revoke unnecessary privileges.
User Rights Revocation:
a) User rights are promptly revoked or modified when an employee, contractor, or third-party vendor no longer requires access to the AWS infrastructure.
b) User rights revocation is initiated through our standardized process, which ensures the removal of all access privileges.
c) The revocation process is coordinated between the AWS administrator, HR department, and relevant stakeholders.
Access Logging and Monitoring:
a) Access to AWS infrastructure is logged and monitored to detect and investigate any unauthorized or suspicious activities.
b) Access logs and monitoring systems are regularly reviewed to identify anomalies, potential security breaches, or policy violations.
Training and Awareness:
a) Users with access to AWS infrastructure receive training on their responsibilities regarding user rights management and the appropriate use of access privileges.
b) Regular security awareness training is provided to all employees, contractors, and third-party vendors to educate them about the importance of user rights management and the potential risks associated with improper access.
Compliance and Auditing:
a) Compliance with this policy is periodically assessed through internal audits and compliance reviews.
b) Any non-compliance or violations are addressed promptly, and appropriate corrective actions are taken.
Policy Review:
This policy is reviewed on an annual basis or as required by changes in business needs, technology, or regulatory requirements.
Download Liqvid User Rights Management in AWS Infrastructure