Access Control Policy

1.   Introduction 

Geeky Designs Ltd implements physical and logical access controls across its networks, IT systems and services in order to provide authorised, granular, auditable and appropriate user access, and to ensure appropriate preservation of data confidentiality, integrity and availability in accordance with the Information Security Policy. Access control systems are in place to protect the interests of all authorised users of Geeky Designs Ltd IT systems, as well as data provided by third parties, by creating a safe, secure and accessible environment in which to work.  

1.1  Scope 

This policy covers all Geeky Designs Ltd networks, comms rooms, IT systems, data and authorised users. 

1.2  Out of Scope 

Geeky Designs Ltd external website and other information classified as ‘Public’. Systems outside of its control will not fall under Sections 2.2.1 and 2.2.2. Privileged access to non-controlled systems, resources and applications is the responsibility of the system, resource or application owner, not Geeky Designs Ltd. The authorisation and auditing processes involved in granting access to these resources are the responsibility of the resource owners.

2. Policy 

2.1 Principles 

Geeky Designs Ltd will provide all employees, students and contracted third parties with on-site access to the information they need to carry out their responsibilities in as effective and efficient a manner as possible.

2.1.1. Generic identities 

Generic or group IDs shall not normally be permitted as means of access to Geeky Designs Ltd data, but may be granted under exceptional circumstances if sufficient other controls on access are in place. Under all circumstances, users of accounts must be identifiable in order for Geeky Designs Ltd to meet the conditions of its Internet Service Provider, JISC (as laid out in the JISC Acceptable Use Policy). Generic identities will never be used to access Confidential data or Personally Identifiable Information, including data supplied to Geeky Designs Ltd.

2.1.2. Privileged accounts 

The allocation of privilege rights (e.g. local administrator, domain administrator, super-user, root access) shall be restricted and controlled and not provided by default. Authorisation for the use of such accounts shall only be provided explicitly, upon written request from a senior manager (such as a head of department/division, or a departmental or centre manager), and will be documented by the system owner. Technical teams shall guard against issuing privilege rights to entire teams to prevent potential losses of confidentiality and / or integrity. Privileged accounts must not be used for standard activities; they are for program installation and system reconfiguration, not for program use, unless it is otherwise impossible to operate the program. 

2.1.3. Least privilege and need to know 

Access rights to both physical and logical assets will be accorded following the principles of least privilege and need to know. 

2.1.4. Maintaining data security levels 

Every user must understand the sensitivity of their data and treat them accordingly. Even if technical security mechanisms fail or are absent, every user must still maintain the security of data commensurate to their sensitivity. The Information Classification Standard enables users to classify data appropriately and gives guidance on how to store it, irrespective of security mechanisms that may or may not be in place. Users electing to place information on non-managed systems and databases, digital media, cloud storage, or removable storage devices are advised by Geeky Designs Ltd to do so only where:

• such an action is in accord with the information’s security classification 

• the provision meets any research data supplier or other contracts, 

• other protective measures (such as the use of encryption) have been implemented.

Users are consequently responsible in such situations for ensuring that appropriate access to the data is maintained in accord with the Information Security Policy and any other contractual obligations from data providers they may have to meet. Users are obligated to report instances of non-compliance to Geeky Designs Ltd via its support page.

2.2 Access Control Authorisation 

2.2.1. User accounts 

Access to Geeky Designs Ltd IT resources and services will be given through the provision of a unique user account, a complex password and fingerprint login. Accounts are provided on the basis of valid records in the company's information systems. For any user not in either of those systems, access is granted via the appropriate staff.

2.2.2. Passwords 

Password issuing, strength requirements, changing and control will be managed through formal processes. Password issuing will be managed by IT for staff. Password length, complexity and expiration criteria for staff passwords are given.

2.2.3. Access to Confidential, Restricted and Internal Use information 

Access to ‘Confidential’, ‘Restricted’ and ‘Internal Use’ information will be limited to authorised persons whose job or responsibilities require it, as determined by law, contractual agreement with interested parties or the Information Security Policy. Access to any of these resources will be restricted by use of firewalls, network segregation, secure log-on procedures, access control list restrictions and other controls as appropriate. The responsibility to implement access restrictions lies with the data processors and data controllers, but must be implemented in line with this policy. Role-based access control (RBAC) will be used as the method to secure access to all file-based resources contained within Geeky Designs Ltd Active Directory domains and administered by Eukhost. There are no restrictions on the access to ‘Public’ information.

2.2.4. Policies and guidelines for use of accounts 

Users are expected to become familiar with and abide by Geeky Designs Ltd policies, standards and guidelines for appropriate and acceptable usage of the networks and systems. This includes the Conditions of Use of IT Services at Geeky Designs Ltd acceptable use policy. 

2.2.5 Access for remote users

Access for remote users shall be subject to authorisation by Geeky Designs Ltd and be provided in accordance with the Remote Access Policy and the Information Security Policy. No uncontrolled external access shall be permitted to any network device or networked system. 

2.2.6. Physical access control 

Physical access across the Geeky Designs Network, where restricted, is controlled primarily via fingerprint control. 

2.2.6.1 Lost passwords 

Lost passwords must be reported to the IT Department immediately. The IT Department will cancel the password through the access control system.

2.2.6.2 Reissuing passwords

Replacement passwords cannot be issued until the IT Department has confirmed that the prior password has been cancelled.

2.3 Access Control Methods

Access to data is variously and appropriately controlled according to the data classification levels described in the Information Security Policy. Access control methods used by default include:

• explicit logon to devices

• Windows share and file permissions to files and folders

• user account privilege limitations

• server and workstation access rights

• firewall permissions

• network zone and VLAN ACLs

• IIS/Apache intranet/extranet authentication rights

• Geeky Designs Ltd user login rights

• Database access rights and ACLs

• Encryption at rest and in flight 

• Any other methods as contractually required by interested parties.

Access control applies to all Geeky Designs Ltd-owned networks, servers, workstations, laptops, mobile devices and services run on behalf of Geeky Designs Ltd.

Role-based access control (RBAC) will be used as the method to secure access to all file-based resources contained within Geeky Designs Active Directory domains.   

2.4 Cloud Systems 

The use of cloud-based systems by Geeky Designs must in all respects meet the access control provisions laid out in this policy.

2.5 Penetration Tests

Geeky Designs Ltd access control provision will be regularly made subject to penetration tests, in order to ascertain the effectiveness of existing controls and expose any weaknesses. Tests will include, where appropriate and agreed to, the systems of cloud service providers.

2.6 Further Policies, Codes of Practice, Procedures and Guidelines

This policy sits beneath Geeky Designs Ltd Overarching Information Security Policy. Other supporting policies have been developed to strengthen and reinforce this policy statement. These, along with associated codes of practice, procedures and guidelines are published together and are available for viewing on LSE’s website. All staff, students and any third parties authorised to access Geeky Designs Ltd network or computing facilities are required to familiarise themselves with these supporting documents and to adhere to them in the working environment. 

2.7 Review and Development 

This policy shall be reviewed and updated regularly by the Information Security Advisory Board (ISAB), and by an external auditor if required, to ensure that it remains appropriate in the light of any relevant changes to the law, organisational policies or contractual obligations. Additional regulations may be created to cover specific areas. The Information Security Manager will determine the appropriate levels of security measures applied to all new information systems.
