User Access Policy

Purpose:

The purpose of this policy is to establish guidelines for managing user access to the Pitaka platform, ensuring that access is granted appropriately based on job responsibilities while maintaining data security and compliance with applicable laws.

Scope:

This policy applies to all employees, contractors, and third-party users who access the Pitaka platform's systems and data.

Policy

1. User Account Management:

User accounts must be created, modified, and terminated based on established procedures. Each user must have a unique identifier, and shared accounts are prohibited.

2. Access Authorization:

Access to the Pitaka platform will be granted based on the principle of least privilege, ensuring users only have access to the resources necessary for their job functions. Role-Based Access Control (RBAC) will be implemented to manage user permissions effectively.

3. User Access Review:

User access rights will be reviewed at least quarterly to ensure appropriateness based on current job roles and responsibilities. Any necessary changes to user access must be documented and implemented promptly.

4. Account Termination:

Access rights must be revoked immediately upon termination of employment or contract. A checklist should be followed to ensure that all access rights are removed and that any associated data is secured.

5. Password and Authentication Requirements:

Users must adhere to strong password policies, which include minimum length, complexity requirements, and regular password updates. Multi-Factor Authentication (MFA) is required for accessing sensitive data and systems.

6. Temporary Access:

Temporary access may be granted for short-term projects or tasks with a defined expiration date. All temporary access must be documented and reviewed before expiration.

7. User Training and Awareness:

All users must receive training on access control policies and the importance of safeguarding their access credentials. Ongoing awareness programs should be implemented to reinforce security best practices.

This policy aligns with the Data Privacy Act of 2012, Cybercrime Prevention Act of 2012, and other applicable Philippine laws. Compliance audits will be conducted regularly to assess the effectiveness of user access management practices.

9. Policy Enforcement:

Violations of this policy may result in disciplinary actions, including revocation of access, termination of employment, or legal consequences, depending on the severity of the violation. The compliance officer is responsible for overseeing adherence to this policy and addressing any violations.