Please note that this policy is periodically reviewed and updated; if you print it from the website, its accuracy cannot be guaranteed for more than a 24-hour period following printing.
This Access Control Policy defines the requirements of HFRS to ensure that access to information assets is authorised and subject to identification and authentication controls.
This Access Control Policy shall apply to all employees who have access to HFRS information assets, including remote access.
Access to physical information assets - for example printed paper documents, and portable storage devices containing information - is governed by the same principles as non-physical assets.
All Information Assets shall be “owned” by a named individual within HFRS. Information owners shall authorize employees requiring access to information assets owned by them.
Access to information assets shall be restricted to authorized employees and shall be protected by appropriate physical and logical authentication and authorization controls. All access that is not explicitly authorized is forbidden.
Employees shall be granted access to information assets only on the basis that they have a specific need to know, or to “have-access-to”, those information assets. Access privileges shall be allocated to employees, based on the minimum privileges required to fulfill their job function. Access privileges shall be authorized by the appropriate information owner. A list of individuals authorized to use the services shall be maintained.
All passwords used to access information assets shall conform to HFRS requirements relating to password composition, length, expiration and confidentiality as defined in its password use process.
Detailed processes have been developed and shall be followed for terminating, modifying or revoking an employee’s access.
All third party access (contractors, business partners, consultants and vendors) shall be authorized by an appropriate Information Owner and, if necessary, monitored. Third party access to information assets shall be granted in increments according to business need and identified risks. Information owners shall specify access timeframes and be prepared to offer justification for such access.
The Information Security Forum shall maintain plans indicating time schedules of all Information Security Access audits to be performed within HFRS to ensure compliance with this Access Control Policy.
All access rights shall be reviewed by the information owner at a frequency consistent with the business risks, and at least every six months.
Information Systems deemed critical by the Information Security Forum shall be monitored to detect non-compliance with this Access Control Policy, and records of evidence shall be collected in case of security access events. The level of monitoring required for individual systems and facilities shall be determined by an information security risk assessment.