Access Management Policy

Purpose

This policy outlines the standards for managing access to the Skpr hosting platform, ensuring only authorized users have appropriate access in accordance with their role.

Scope

This policy applies to:

All applications and infrastructure managed by the Skpr hosting platform
All platform team members and clients with access to the Skpr hosting platform

This does not include:

Client applications running on the Skpr hosting platform eg. Drupal accounts and authentication.

Access Control Principles

Least Privilege - Users must be granted the minimum level of access necessary to perform their duties.
Role-Based Access Control (RBAC) - Access permissions must be based on their roles.
Authentication & Authorization - All access should require multi-factor authentication.
Account Management - Accounts must be disabled immediately on termination or departure.
Periodic Access Reviews - User access is to be reviewed periodically (quarterly).

Roles & Responsibilities

Skpr platform team - Oversees implementation and compliance with this policy.
PreviousNext Operations Lead - Responsible for the enforcement and auditing of this policy.

Review & Updates

This policy will be reviewed annually or upon significant changes to infrastructure or regulatory requirements.

Purpose​

Scope​

Access Control Principles​

Roles & Responsibilities​

Review & Updates​

Purpose

Scope

Access Control Principles

Roles & Responsibilities

Review & Updates