Limit and Audit Privileged Accounts. For any Accounts or Roles that have broad access to information or the ability to modify Information Resource operations (“privileged” accounts or roles), Owners must develop a mechanism to ensure that (a) account creation and use are expressly authorized based on well-defined criteria; (b) accounts are limited to the individuals whose function requires broad privilege; (c) account creation and use is tracked and auditable; and (d) appropriate mechanisms are in place to timely offboard privileged accounts. For example, an employee providing desktop support may need to be able to elevate to administrator-level access on workstations in the group they support, but should not be able to use administrator-level access on workstations in areas of the organization they do not support, nor on servers administered by a separate group.
Appears in 3 contracts
Sources: Primary Care Accountable Care Organization Contract, Primary Care Accountable Care Organization Contract, Primary Care Accountable Care Organization Contract