Site Access

FAQs regarding site access security.

  • Are all required approvals documented for each access request?

    Yes, all required approvals or modification to a user’s or account’s access privileges are fully documented.

  • Are User IDs for the application uniquely attributable to individuals when accountability is required?

    Yes.

  • Are access privileges grated to users or accounts in accordance with company policy (including Segregation of Duties)?

    Yes. User accounts are managed by the company account administrator. It is up to each company to institute a policy around access privileges.

  • How often are access privileges granted to users or accounts reviewed?

    Access privileges are reviewed every 12 months to determine if access rights are commensurate to the user’s or account’s job duties. If the employment status of a user that has been granted access changes or becomes terminated, their access will be terminated as well.

  • Does the application utilize the company’s password management system or equivalent to ensure unique IDs, password complexity and strength?

    Okta manages the identities of all system users and Symantec VIP or GoogleAuth as multi-factor authenticators.

  • Are vendor-supplied default settings (i.e. passwords) deleted, disabled or renamed?

    Yes, at the company’s discretion.