cmm application access administration process
TRANSCRIPT
IT Application Access Administration Process
Number:Page Number:Date of Issue:
Revision:Prepared By:
Revised By:Approved By:
ITPPage 1 of 528 March 071Hong Chan Chuen
Lim Hock Chee
1. PURPOSE
The purpose of this document is to define the process of IT Application Access Administration Process.
2. SCOPE
This procedure applies to all systems under the scope Bill 198.This process covers the Corporate IT Policies 865-02-SEC-02-05It covers a) addition of access b) modification to access and c) removal of users, for both end users and privileged users.
3. DEFINITIONS
Change: An action resulting in a new status for one or more IT infrastructure configuration items.
Standard Change: A change that follows an established path. It is relatively common, and is the accepted solution to a specific requirement.
Minor Change: Minor impact only, and few “build” or additional “runtime” resources needed.
Significant Change: Significant impact, and/or significant “build” or “runtime” resources needed.
Major Change: Major impact, and/or large amount of “build” or “runtime” resources required, or impact likely upon other parts of the organization.
Urgent Change: Disruption to infrastructure and high incidence of failure (Urgent changes still require formal review and approval).
Enterprise: Any change that involves critical pre-identified Configuration Items. Request for Change (RFC): Form or screen used to record details of a request
for change to any configuration item <Add or remove definitions as necessary>
When printed, this document is uncontrolled unless properly identified as controlled.
IT Application Access Administration Process
Number:Page Number:Date of Issue:
Revision:Prepared By:
Revised By:Approved By:
ITPPage 2 of 528 March 071Hong Chan Chuen
Lim Hock Chee
4. RESPONSIBILITIES
Responsibilities are detailed in the flow chart and notes below. <If there are responsibilities which are not defined in the process flow, please define them here>
Role
Task
Department Manager
Application Owner / Administrator
User
Submit Access Request
A R
Review Request R R CRecord the request
R
Inform User of rejection
I R I
Assign Access Rights/ID to User
R
R – ResponsibleA – AccountableS – SupportI – InformC – Consult
When printed, this document is uncontrolled unless properly identified as controlled.
IT Application Access Administration Process
Number:Page Number:Date of Issue:
Revision:Prepared By:
Revised By:Approved By:
ITPPage 3 of 528 March 071Hong Chan Chuen
Lim Hock Chee
5. PROCESS DESCRIPTION
A. Process Flow
Process Workflow (High Level)
When printed, this document is uncontrolled unless properly identified as controlled.
IT Application Access Administration Process
Number:Page Number:Date of Issue:
Revision:Prepared By:
Revised By:Approved By:
ITPPage 4 of 528 March 071Hong Chan Chuen
Lim Hock Chee
B. Activity Description
1. User Submit an Access Request Form stating the reason for requesting for the Emergency or Group id.
2. The Department Manager will review the request.
3. If Department Manager approves the request, the Application Owner / Administrator will review the request based on the Segregation of Duties list (SOD). If request is rejected, the user will be informed.
4. If Application Owner / Administrator approve the request, the Application Owner / Administrator will assign the id to the user. If the request is rejected, the user will be informed.
5. The Application Owner / Administrator will close the request and log the Access Request.
C. Inputs
List of approvers – Department Manager and Application Owner / Administrator Segregation of Duties table for the system in scopeOnline Application Access Request Form
D. Outputs
Completed/Rejected Request formsHistory log of requests and activities (result), approvals, reviews
E. Interfaces
Segregation of Duties
F. Dependencies
When printed, this document is uncontrolled unless properly identified as controlled.
IT Application Access Administration Process
Number:Page Number:Date of Issue:
Revision:Prepared By:
Revised By:Approved By:
ITPPage 5 of 528 March 071Hong Chan Chuen
Lim Hock Chee
6. USERS
User Name or Group Division/Region/Shared Service Organization
7. REFERENCES/SOURCE MATERIALS
Short Name Description File NameCorporate IT Policies865-02-SEC-02-05
Granting, Revoking, Changing and Reviewing User Access
8. REVISION RECORD
Reason for Revision Effective Date Person ResponsibleInitial Release 9-July-2009 Hong
When printed, this document is uncontrolled unless properly identified as controlled.