User Account Policy
The purpose of this User Account Policy is to establish guidelines and procedures for the creation, management, and termination of user accounts within SabkiShop. This policy aims to ensure the security and integrity of the organization’s information systems while providing users with appropriate access to resources.
2. User Account Creation
User accounts will be created for employees, contractors, and other authorized individuals requiring access to SabkiShop information systems.
Requests for user account creation must be submitted through the [Designated System] Request Form.
2.2 Approval Process
User account requests will be reviewed and approved by the SabkiShop, taking into consideration the principle of least privilege.
Accounts will be created promptly upon approval and in accordance with the user’s role and responsibilities.
3. Password Management
3.1 Password Creation
Users are required to create strong passwords that include a combination of uppercase and lowercase letters, numbers, and special characters.
3.2 Password Protection
Users are responsible for maintaining the confidentiality of their passwords.
Passwords must not be shared or written down.
3.3 Account Lockout
Accounts will be locked out after 3 consecutive failed login attempts.
Locked accounts must be unlocked by the SabkiShop after verifying the user’s identity.
4. Access Control
4.1 Role-Based Access
Users will be assigned access rights based on their roles and responsibilities.
The principle of least privilege will be applied to restrict access to only the necessary resources.
4.2 Account Review
Regular reviews of user accounts will be conducted to ensure appropriateness of access.
Accounts of terminated or inactive users will be promptly deactivated or removed.
5. Account Termination
User accounts will be deactivated or removed promptly upon termination of employment, contract, or when access is no longer required.
Account termination requests must be submitted through the SabkiShop Termination Request Form.
Violations of this User Account Policy may result in disciplinary action, including account suspension or termination.
The [Designated Authority] is responsible for enforcing this policy.
7. Review and Revision
This User Account Policy will be reviewed annually and revised as necessary to ensure its continued effectiveness and relevance.