Policies and Guidelines

Controlling Access to Information

Last Updated: December 12, 2008
Reviewed: January 8, 2010

Purpose

To ensure confidentiality, integrity, and availability of their information resources, a department must have a strategy for controlling access to information through owner identification and user authentication.

Scope

Departmental management and technology staff.

Process Overview

  1. Identify and establish data owners.
  2. Identify the user groups who need access to the data controlled by each data owner.
  3. Data owners identify the privileges to be granted to each group of users.
  4. Each computer user is required to have a unique logon ID and strong password.
  5. Each computer user acquires access to information through assignment to one or more user groups.

References