Application Access Control
Information Access Restriction
To safeguard applications, CX Index will restrict business application system access information on a need-to-know basis.
Where possible, menus and documentation shall be edited so the users only view data or menus that they are authorised to view.
Users’ rights shall be based on a Least-Privileged basis, so that they limited to only those functions to which they are authorised (i.e. read, write, delete, and execute). User’s rights shall be reviewed on a periodic basis to ensure that no user or group has excessive privileges.
Outputs available to users are limited to those to which they are authorised.
Sensitive outputs shall be controlled and limited to specific terminals and/or printers. Sensitive outputs must be controlled and limited to specific users who have a valid business need.
Periodic reviews will be performed to ensure that outputs of sensitive information are required by the business. Any extraneous output of sensitive information will be removed.