Access Control and Access Management

Does the company have a regulated password policy?

Yes, a consistent password policy has been implemented.

Passwords have a maximum validity period, a minimum length requirement, and a history enforcement. They must not be too easy or obvious, and cannot be dictionary words. Each employee and collaborator stores passwords in a password manager (KeePassXC).

Is there a procedure governing access and identity management?

Yes, according to PBI - 04 Annex 01 Access Management Instruction at Vercom S.A.

Access is granted solely upon approval by management. Employees must have unique identifiers and are prohibited from sharing individual passwords with others. There is an implemented procedure for user authentication in the IT system – Instruction for Managing the Information System. Each employee has individual accounts, logins, and passwords.

Do we ensure accountability of individuals utilizing IT resources and data through digital identity management and logging the activities of those assigned to these identities?

Yes.

Are default accounts such as generic accounts, embedded accounts, non-personalized accounts, and guest accounts secured, blocked, or removed as part of the procedure?

The system does not allow the creation of generic, non-personalized, or guest accounts.

Last updated