Adande Privileged user account access policy / agreement.
By using a privileged user account account on adanderefrigeration.com you are agreeing to the following terms in regarding to owning a privileged user account on an Adande website or server which may give you access to user data. A copy of this policy should be kept by yourselves and Adande.
In creating an account on a Adande system (website, etc.) you will be able to create a password and input other information at your discretion. The password is encrypted (no-one has access to it) and no employee except from the designated system administrator will have access to your account. All user accounts are deleted 3 months after employment or sooner at Adande’s sole discretion. If you wish for your data to be removed you may do so going by the rules of the GDPR by contacting us with a “Right to be Forgotten” request in a reasonable time-frame (up-to 40 days from sending) or by logging into the website and deleting your account yourself from the user area provided when logging in.
A. Policy objective: 1. The purpose of this policy is to ensure that no unauthorized user can access any of the ADANDE servers with privileged accounts. A privileged user is a user who has been allocated powers within the computer system which are significantly greater than those available to the majority of users. A privileged user account may have access to confidential data and includes system and database administrators and supervisors. This policy is also intended to ensure that users log on to ADANDE servers with their username and password before escalating their privileges. This creates an auditable trail of privilege escalation after logon.
B. Intended audience: 2. This policy covers all ADANDE staff, consultants and contractors who have knowledge of a root-user, super-user, moderator or administrator password on any ADANDE owned servers.
C. Policy statement: a. Staff Responsibilities and Accountability:
3. Only ADANDE Branch staff, consultants and contractors who have traditionally performed systems administration duties, and are responsible for maintaining software applications or systems can have privileged access on some or all of the ADANDE servers upon request.
4. Privileged access shall be granted to individuals only after they have read this policy, obtained the approval of their supervisor, and signed a Privileged Access Agreement Form.
5. Whenever technically possible, gaining and using privilege access should be audited.
6. If methods other than privileged access will accomplish an action, those methods must be used unless the burden of time or resources required clearly justifies using privileged access.
7. Privileged access may be used only to perform official job functions, which may include standard systems, database and other server administration related duties.
8. Individuals with privileged access shall take necessary precautions to protect the confidentiality of information encountered in the performance of their duties. If, during the performance of their duties, individuals with privileged access are inadvertently exposed to information that might indicate inappropriate use, they must consult their supervisor.
9. Preconditions to obtain the privileged account access for the servers are listed as following. Exceptions to any of these conditions can only be permitted after obtaining prior authorization from the Adande branch in the form of an email or memorandum.
• A user must not directly access any ADANDE server with a Super User ID and Password unless deemed absolutely necessary by the supervising officer or head system administrator. Direct Super Access can only be obtained through the dedicated console.
• A user must not elevate their regular privileges to a higher level unless absolutely necessary. Every attempt to elevate privileges will be logged and reported to Head Administrator on a periodic basis.
• A user must never share their credentials with any other person.
• All the information a user has access to on any of the ADANDE servers must be considered proprietary to ADANDE and must be fully protected at all times.
• Tampering of any data on any of the ADANDE servers is strictly forbidden and will result in disciplinary actions.
• A user must not read or copy any information that is stored on the server.
• A user must not grant/revoke access to any other user.
• A user must not change any privileged account credentials.
• A user must not install any software or patch on the server. Any installation must be fully endorsed and must follow the Change Control procedure.
• A user must not run any command or application that may inadvertently affect the server performance.
• A server must not be shut down or rebooted by a user unless deemed absolutely necessary.
• Unless deemed necessary the server configuration must not be tampered by a member.
• The user must understand the importance and criticality of each of the servers under their domain and must ensure that the system executes the operational capability under acceptable standards.
D. Policy date:
10. The Privileged User Account Access Policy was issued on 17 May 2018, will remain in force without time limit, and will be reviewed annually to ensure relevance.
E. Policy owner:
11. The Adande Applications Development Manager is responsible for the Privileged User Account Access Policy.
F. Change authority:
12. The Adande Branch Chief, Designated Website Development Manager and Marketing Manager have the authority to change the privileged user account access policy.
You agree that:
1 ) I have read This Privileged User Account Access Policy.
2 ) I agree to comply with the provisions of this Privileged User Account Access Policy.
3 ) I understand that, after agreeing to comply with the provisions of this Privileged User Account Access Policy, failure to follow the provisions may result in administrative penalties up to and including termination of employment.
4 ) I also agree to provide full cooperation during any investigation concerning security matters which may have occurred in any of the ADANDE Servers.