> Help > All Categories > Enterprise Security Assessment > Data and Asset Security > Access Control

Do you allow Constituents to access Scoped Data?

book reader icon
1 Minute
12/09/2024
facebook logo gray
linkedin logo gray
mail logo gray

Yes. But only during client setup and support, and restricted to defined roles. The approval of access rights is segregated from the implementation, and user access rights are handled in according to the principle of least privilege.

Last update 2 months ago

Do you employ segregation of duties for granting and approving access to Scoped Systems and Data?

Yes. When necessary, granting and approving access requests to Scoped Systems and Data is segregated in order to minimize risks.

Do you limit access to your systems that store or process Scoped Data?

Yes. Both physical and remote access to all of QR Planet's systems, whether storing or processing scoped or other data, is restricted on a need-to-access-basis.

Do you have a process in place for the appropriate handling of user access rights?

Yes. Access rights are reviewed periodically and also when a Constituent's role changes, and are adjusted if necessary, especially privileged access rights.