Nested Knowledge

Bringing Systematic Review to Life


wiki:policies:access

Differences

This shows you the differences between two versions of the page.

wiki:policies:access [2023/11/15 22:38]
katcow
wiki:policies:access [2023/12/18 21:05]
kholub
Line 48: Line 48:
 Individuals who are not employees, contractors, consultants, or business partners must not be granted a user-ID or otherwise be given privileges to use Nested Knowledge internal information systems unless the written approval of a Department Lead has been obtained. Before any third party or business partner is given access to this Nested Knowledge computers or internal information systems, a confidentiality, non-disclosure, or other similar agreement defining the terms and conditions of such access must have been signed by a responsible manager at the third party organization. Individuals who are not employees, contractors, consultants, or business partners must not be granted a user-ID or otherwise be given privileges to use Nested Knowledge internal information systems unless the written approval of a Department Lead has been obtained. Before any third party or business partner is given access to this Nested Knowledge computers or internal information systems, a confidentiality, non-disclosure, or other similar agreement defining the terms and conditions of such access must have been signed by a responsible manager at the third party organization.
  
-===   Access for Law Enforcement and Authority:   ===+=== Access for Law Enforcement and Authority: ===
  
 Nested Knowledge will not disclose information unless: Nested Knowledge will not disclose information unless:
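
Review bot: The normalized heading "=== Access for Law Enforcement and Authority: ===" still ends in a colon, while the heading added later in this revision ("=== Network Devices ===") has none; pick one style and apply it to both. While this block is open, the context paragraph above it reads "access to this Nested Knowledge computers or internal information systems", which should be "access to Nested Knowledge computers".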
Line 72: Line 72:
   * Social media accounts   * Social media accounts
   * Company-issued devices (laptops)   * Company-issued devices (laptops)
 +
 +=== Network Devices ===
 +
 +Nested Knowledge does not manage network devices in its production environment, which are handled by AWS. See Remote Working Environmental Controls for internal systems.
  
 ===== IV. Audit Trails and Logging ===== ===== IV. Audit Trails and Logging =====
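
Review bot: In the added "Network Devices" paragraph, "which are handled by AWS" attaches grammatically to "production environment" rather than to "network devices", and the sentence does not say whether access to network configuration inside the AWS account is covered by this policy or by another one. Suggest rewording to something like "Network devices in the production environment are managed by AWS, not by Nested Knowledge" and stating where account-level network access is governed. The pointer "See Remote Working Environmental Controls" is plain text; make it a link to that section so the reference survives a heading rename.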
Line 109: Line 113:
 === Remote Working Environmental Controls: === === Remote Working Environmental Controls: ===
  
-Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access.+Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. At a minimum, remote employees must: 
 + 
 +  * Update default router administrator password 
 +      * Following our [[:wiki:policies:password|]] 
 +  * Disable remote access to the router 
 +  * Enable wireless encryption (WPA2/3) on their home network 
 +  * Store company devices behind locked doors
  
-For cloud-related access protocols, please refer to our [[:wiki:policies:cloud|Cloud Security Policy]].+Employees will be trained upon hire and updated on an annual basis. For cloud-related access protocols, please refer to our [[:wiki:policies:cloud|Cloud Security Policy]].
  
 ==== Compliance Statement ==== ==== Compliance Statement ====
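
Review bot: The new bullet list under "At a minimum, remote employees must:" sets four mandatory controls but the hunk gives no way to confirm them; suggest adding how compliance is evidenced, for example an employee attestation collected at hire and at the annual update already mentioned. The sub-bullet "Following our [[:wiki:policies:password|]]" has an empty link label and reads as a fragment; give it a label such as "Password Policy" and fold it into the parent item. "Employees will be trained upon hire and updated on an annual basis" does not say what the training covers and is joined to the unrelated cloud cross-reference; put it in its own paragraph directly after the list. The opening sentence keeps "should" while the list uses "must", so the section mixes advisory and mandatory wording.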
Line 120: Line 130:
  
 ^Author^Date of Revision/Review^Comments| ^Author^Date of Revision/Review^Comments|
-|K. Holub|9/28/2023|Annual Review|+|K. Holub|12/18/2023|Remote working controls added|
 |K. Kallmes|1/20/2022|Approved; removed chain of trust language| |K. Kallmes|1/20/2022|Approved; removed chain of trust language|
 |P. Olaniran|10/6/2022|Minor revisions| |P. Olaniran|10/6/2022|Minor revisions|
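
Review bot: The revision table change overwrites the "|K. Holub|9/28/2023|Annual Review|" row with the 12/18/2023 entry, so the record that an annual review took place on 9/28/2023 disappears from the policy's own history. Add "|K. Holub|12/18/2023|Remote working controls added|" as a new row and keep the 9/28/2023 row. The remaining rows are also out of date order (1/20/2022 is listed before 10/6/2022, both below the 2023 entry); sorting the table consistently would make the review cadence easier to audit.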
wiki/policies/access.txt · Last modified: 2024/01/24 19:42 by katcow