Companywide User Access Policy and Guidelines (Internal and External)

Effective Date: May 14, 2024

Purpose and Objectives

This policy outlines the procedures for managing user access to company systems, applications, and data. Its primary objectives are to:

    • Security: Protect sensitive company and client information from unauthorized access and misuse.
    • Compliance: Ensure compliance with relevant data privacy regulations.
    • Efficiency: Streamline user access requests and minimize administrative tasks.
    • Accountability: Establish clear roles and responsibilities for user access management.

Scope

This policy applies to all employees, contractors, and third parties who require access to company systems and data, including:

    • Employees: Full-time, part-time, temporary, and interns.
    • Contractors: Independent contractors, consultants, and freelancers.
    • Third Parties: Vendors, suppliers, and other external stakeholders.

 

Access Control Principles

    • Principle of Minimum Requirement: Users should only be granted the minimum level of access necessary to perform their job duties.
    • Separation of Duties: Critical functions should be segregated to prevent any single individual from having excessive control.
    • Regular Reviews: User access rights should be regularly reviewed and updated to reflect changes in job roles.
    • Accountability: All users are responsible for the security of their accounts and the confidentiality of company information.

 

User Access Levels

    • Administrator: Highest level of access, with the ability to manage user accounts, system configurations, and security settings.
    • Manager: Access only to information and systems relevant to their department or team.
    • Human Resources: Access to confidential personnel documentation.
    • Employee: Access to company-wide resources and systems required for their job functions.
    • Contractor/Third Party: Limited access to specific systems and data based on contractual obligations.

 

Access Request and Provisioning

New User Onboarding
    • New user requests must be submitted and approved based on role and responsibilities.
    • Requests must be approved by the manager and/or Chief Executive Officer.
    • Upon approval, new user accounts will be created with appropriate access privileges.
User Role Changes
    • When a user’s job role changes, their access privileges must be reviewed and adjusted accordingly.
    • Access requests must be submitted and approved as per the onboarding process.
Third-Party Access
    • Access for third parties must be carefully evaluated and limited to the specific information and systems required to fulfill contractual obligations.

 

Access Revocation

Employee Termination
    • Upon termination, all access rights must be immediately revoked.
    • Accounts on company platforms will be deactivated.
    • The IT consulting partner will deactivate user accounts and remove access.
    • Company software passwords will be updated per password management guidelines.
    • Terminated employee emails, files, and documents will be reviewed for safe transition.
    • Company devices must be returned, and confidential information deleted as per the Employment Agreement.
Contractor/Third Party Agreements
    • Access for contractors and third parties must be revoked upon completion of their contract.
    • Data Use Agreements must be reviewed and updated accordingly.

 

Password Management

    • Strong Passwords: Users must create and use strong, unique passwords.
    • Password Complexity: Minimum length of 10 characters, including uppercase, lowercase, numbers, and special characters.
    • Regular Password Changes: Passwords must be changed at least every 90 days.
    • Password Protection: Users must not share passwords or store them insecurely.

 

Data Security

    • Confidentiality: All users are responsible for maintaining the confidentiality of company and client data.
    • Data Handling: Handle sensitive data with care, avoid unsecured transmissions, and properly dispose of confidential documents.
    • Data Breaches: Suspected data breaches must be reported to IT immediately.

 

User Responsibilities

    • All users must comply with this policy.
    • Users must report any suspicious activity or security incidents to IT.
    • Users must protect their accounts by using strong passwords and logging out when their accounts are not in use.
    • Users must follow data security best practices when handling sensitive information.

 

Training and Awareness

Onboarding Orientation Training
    • All new employees must complete security training on best practices.
Regular Training
    • Ongoing security awareness training will be provided to all employees.
    • Routine updates on policy expectations and security risks will be shared internally.

 

Modifications

We may update this Companywide User Access Policy from time to time. Material changes will be posted on our website.

Enforcement

Violations of this policy may result in disciplinary action, up to and including termination.

Contact Information

If you have any questions, concerns, or complaints, contact our access administrator:

Jenna Webb
Email: jwebb@ferrettisearch.com
Phone: (704) 773-5449
Address: 110 Matthews Station St Suite 2D, Matthews, NC 28105