History

Priority

should

2010

Agencies should:••••limit system access on a need-to-know basishave any requests for access to a system by personnel authorised by their supervisor or managerprovide system users with the least amount of privileges needed to undertake their dutieshave system access and privileges reassessed at regular intervals by the supervisor or manager ofthe system user, including when a change of duties occurs, and remove system access or privilegesif necessary.

2008

Agencies should: a. limit system access on a need-to-know basis b. provide system users with the least amount of privileges needed to undertake their duties c. have any requests for access to a system authorised by a staff member’s supervisor or manager.