Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
132 views5 pages

Access Control Document

This document outlines access control policies and procedures for devices and tools in the Network Operations Center (NOC) at Velocis Systems Pvt Ltd. Access to routers, firewalls, switches, servers, and management tools will be based on role-based access control and least privilege principles. The document details access provisioning, review, password management, and physical security measures. Responsibilities are assigned to IT, managers, and employees to adhere to and enforce the controls.

Uploaded by

Manas Ranjan Sahoo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
132 views5 pages

Access Control Document

This document outlines access control policies and procedures for devices and tools in the Network Operations Center (NOC) at Velocis Systems Pvt Ltd. Access to routers, firewalls, switches, servers, and management tools will be based on role-based access control and least privilege principles. The document details access provisioning, review, password management, and physical security measures. Responsibilities are assigned to IT, managers, and employees to adhere to and enforce the controls.

Uploaded by

Manas Ranjan Sahoo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Error!

Unknown

Access Control document property


name.008
Process Version: 1.1

Access Control Document


Velocis System Pvt Ltd.

Document Version: 1.1


Document Date: [08-July-2023]

Document Summary:

Policy Category Common

Policy ID

Version Number Version 1.0

Effective Date 08-July-2023

Owner Manas Ranjan Sahoo

Approved By Sagar Sharma

Document Status Final Release

Confidential © Velocis Systems Pvt. Ltd 2009 Page 1 of 5


Error! Unknown

Access Control document property


name.008
Process Version: 1.1

Document Label Internal

Revision History

Version Date Prepared/ Reviewed by Approved by Reason for Change


Revised by

1.0 08-07-2023 Vivek Rajnish Manrai Rajnish Manrai Initial Draft


Sankhyan

1.1 20-12-2023 Vivek Rajnish Manrai Rajnish Manrai Reviewed only


SANKHYAN

Access Control Document for NOC

1. Overview This document outlines access control guidelines and procedures for
managing access to the following technology and devices within the Network
Operations Center (NOC):

• Routers
• Firewalls
• Switches
• Servers
• ACI

Confidential © Velocis Systems Pvt. Ltd 2009 Page 2 of 5


Error! Unknown

Access Control document property


name.008
Process Version: 1.1

• DNAC
• CUCM
• HX
• Umbrella
• DUO
• AMP
• IT Service Management (ITSM) & Network Management System (NMS)
tools
2. Access Control Policies for Specific Devices

Routers, Firewalls, and Switches:

• Access to router, firewall, and switch configurations and management


interfaces will be restricted to authorized network engineers and
administrators.
• Access will be granted based on role-based access control (RBAC)
principles, ensuring that only personnel with specific job roles requiring
access will be provided permissions.
• Remote access to these devices will be secured using encrypted protocols
(such as SSH, HTTPS) and multifactor authentication where feasible.
Servers:

• Access to servers within the NOC will be controlled based on the principle
of least privilege.
• Server access will be limited to system administrators, network engineers,
and relevant support personnel.

Confidential © Velocis Systems Pvt. Ltd 2009 Page 3 of 5


Error! Unknown

Access Control document property


name.008
Process Version: 1.1

• Physical access to server rooms will be restricted to authorized personnel


only, monitored by access control systems.
ITSM & NMS Tools:

• Access to ITSM and NMS tools will be granted to authorized NOC personnel
responsible for network monitoring and management.
• Access permissions will be assigned based on job roles and responsibilities.
• Usage and access to these tools will be logged and monitored regularly to
detect any unauthorized activities.
3. Access Control Procedures

a. Access Provisioning i. Requests for access to these devices and tools must be
submitted through a formal access request process. ii. Access requests will
require appropriate approvals from supervisors or department heads.

b. Access Review and Monitoring i. Regular reviews of access permissions will be


conducted to ensure alignment with job roles and responsibilities. ii. Logs and
audit trails of access activities will be monitored for any anomalies or
unauthorized access attempts.

c. Password Management i. Strong password policies will be enforced for device


and tool access, including regular password changes, complexity requirements,
and avoiding password sharing.

d. Physical Access Controls i. Physical access to server rooms and critical


infrastructure housing these devices will be restricted through biometric access,
keycards, or other secure measures. ii. Visitor access to these areas will be
escorted and supervised at all times.

4. Responsibilities

Confidential © Velocis Systems Pvt. Ltd 2009 Page 4 of 5


Error! Unknown

Access Control document property


name.008
Process Version: 1.1

a. IT Department: Responsible for implementing and enforcing access control


measures, conducting regular audits, and managing access permissions.

b. Managers and Supervisors: Responsible for authorizing access requests based


on job roles and overseeing access reviews for their respective teams.

c. Employees and Users: Responsible for adhering to access control policies,


safeguarding access credentials, and promptly reporting any security incidents or
breaches.

5. Enforcement and Compliance Violations of this Access Control Document may


result in disciplinary actions in line with the organization's policies. This document
complies with industry standards (e.g., ISO 27001) and relevant regulatory
requirements.

6. Document Control This document will be reviewed and updated as necessary


by the IT Security team. All revisions will be appropriately documented and
communicated to relevant stakeholders.

Confidential © Velocis Systems Pvt. Ltd 2009 Page 5 of 5

You might also like