The organization implements a system of access controls to restrict and monitor access to resources within the organization. This involves defining policies and procedures for granting and revoking access to information systems and data based on an individual’s job function and need to know. Access management ensures that only authorized personnel can access resources while maintaining the confidentiality, integrity, and availability of those resources.
The organization implements account management protocols to ensure that only authorized users can access the computer system or network. User account management protocols include approval processes for creating, modifying, and deleting user accounts and are managed by an administrator or group of administrators responsible for ensuring that all accounts are properly configured and secured. In addition, access management reviews are conducted regularly to confirm that each user account is still required and appropriate and carries the correct level of access rights. User account management and review aim to prevent unauthorized access and to preserve the availability and integrity of systems and data.
The organization employs Role-Based Access Control (RBAC) to restrict system access and permissions based on the roles of individuals within the organization. This control limits access to sensitive data and system functions to only those users who require it for their job responsibilities. Access is granted based on the user’s job function or role and can be adjusted as that role changes.