Access Control Policy (ISO 27001 Standard)
Last updated: 01 December 2022
Ref: 5be6471d-0969-43ac-ae69-c3e1f16a0499
The purpose of this policy is to ensure that access to Liqvid PTE. LTD.'s IT infrastructure is restricted only to authorized personnel, thereby ensuring the confidentiality, integrity, and availability of the organization's information assets.
This policy applies to all employees, contractors, and third-party vendors who have access to Liqvid PTE. LTD.'s IT infrastructure.
Access Control:
1.1 Access to Liqvid PTE. LTD.'s IT infrastructure is granted only to authorized personnel based on their job responsibilities, with the least privilege principle applied.
1.2 Access rights are reviewed periodically to ensure that they are still required and that access is still based on a need-to-know basis.
1.3 Access rights are granted based on unique user identification and authenticated using strong authentication methods such as passwords, multi-factor authentication.
1.4 Passwords must meet complexity requirements, such as length, complexity, and expiry. Passwords are also not shared or written down.
1.5 All failed login attempts are logged and reviewed.
1.6 Access to Liqvid PTE. LTD.'s IT infrastructure from external networks is only granted through secure channels such as VPNs.
1.7 Remote access to Liqvid PTE. LTD.'s IT infrastructure is only granted to authorized personnel and is subject to the same access control policies as internal access.
Physical Security
2.1 Access to Liqvid PTE. LTD.'s physical infrastructure is restricted to authorized personnel only.
2.2 Access to server rooms and data centers is controlled using access control mechanisms such as card-based authentication.
2.3 Server rooms and data centers are equipped with environmental monitoring systems to detect unauthorized access, such as motion detection and video surveillance.
Network Security
3.1 All network traffic to and from Liqvid PTE. LTD.'s IT infrastructure is monitored using intrusion detection and prevention systems.
3.2 All network traffic is segmented and protected using firewalls and other network security devices.
3.3 All software and hardware that are used for access control are reviewed regularly to ensure that they are secure and that they meet the organization's security requirements.
Incident Management
4.1 Any suspicious or unauthorized access attempts are immediately reported to the information security manager and the incident response team.
4.2 All security incidents are handled in accordance with the incident management policy.
Roles and Responsibilities
5.1 All employees, contractors, and third-party vendors are responsible for ensuring that they comply with this policy.
5.2 The information security manager is responsible for ensuring that this policy is implemented, communicated, and enforced.
6 Non-compliance with this policy may result in disciplinary action up to and including termination of employment or termination of contracts with third-party vendors or contractors.
7. These security controls are regularly reviewed and updated as necessary to ensure that they are effective in protecting the IT infrastructure of Liqvid PTE. LTD. in accordance with ISO 27001 standards.
Download Liqvid Access Control Policy