cmm application access administration process

IT Application Access Administration Process

Number:Page Number:Date of Issue:

Revision:Prepared By:

Revised By:Approved By:

ITP of 528 March 071Hong Chan Chuen

Lim Hock Chee

1. PURPOSE

The purpose of this document is to define the process of IT Application Access Administration Process.

2. SCOPE

This procedure applies to all systems under the scope Bill 198.This process covers the Corporate IT Policies 865-02-SEC-02-05It covers a) addition of access b) modification to access and c) removal of users, for both end users and privileged users.

3. DEFINITIONS

Change: An action resulting in a new status for one or more IT infrastructure configuration items.

Standard Change: A change that follows an established path. It is relatively common, and is the accepted solution to a specific requirement.

Minor Change: Minor impact only, and few “build” or additional “runtime” resources needed.

Significant Change: Significant impact, and/or significant “build” or “runtime” resources needed.

Major Change: Major impact, and/or large amount of “build” or “runtime” resources required, or impact likely upon other parts of the organization.

Urgent Change: Disruption to infrastructure and high incidence of failure (Urgent changes still require formal review and approval).

Enterprise: Any change that involves critical pre-identified Configuration Items. Request for Change (RFC): Form or screen used to record details of a request

for change to any configuration item <Add or remove definitions as necessary>

When printed, this document is uncontrolled unless properly identified as controlled.






Lim Hock Chee

4. RESPONSIBILITIES

Responsibilities are detailed in the flow chart and notes below. <If there are responsibilities which are not defined in the process flow, please define them here>

Role

Task

Department Manager

Application Owner / Administrator

User

Submit Access Request

A R

Review Request R R CRecord the request

R

Inform User of rejection

I R I

Assign Access Rights/ID to User

R

R – ResponsibleA – AccountableS – SupportI – InformC – Consult







Lim Hock Chee

5. PROCESS DESCRIPTION

A. Process Flow

Process Workflow (High Level)







Lim Hock Chee

B. Activity Description

1. User Submit an Access Request Form stating the reason for requesting for the Emergency or Group id.

2. The Department Manager will review the request.

3. If Department Manager approves the request, the Application Owner / Administrator will review the request based on the Segregation of Duties list (SOD). If request is rejected, the user will be informed.

4. If Application Owner / Administrator approve the request, the Application Owner / Administrator will assign the id to the user. If the request is rejected, the user will be informed.

5. The Application Owner / Administrator will close the request and log the Access Request.

C. Inputs

List of approvers – Department Manager and Application Owner / Administrator Segregation of Duties table for the system in scopeOnline Application Access Request Form

D. Outputs

Completed/Rejected Request formsHistory log of requests and activities (result), approvals, reviews

E. Interfaces

Segregation of Duties

F. Dependencies







Lim Hock Chee

6. USERS

User Name or Group Division/Region/Shared Service Organization

7. REFERENCES/SOURCE MATERIALS

Short Name Description File NameCorporate IT Policies865-02-SEC-02-05

Granting, Revoking, Changing and Reviewing User Access

8. REVISION RECORD

Reason for Revision Effective Date Person ResponsibleInitial Release 9-July-2009 Hong


cmm application access administration process

Documents