The registration and termination of user access to systems shall be managed as follows;
All requests for access must be logged in Mantis Hub for approval
Following approval, users will be emailed the Sm8rtHealth Request for Access form
- Upon receipt of the Request for Access form;
- A voice call will be used to validate the applicant
- User ID and any access instructions will be emailed to the applicant
- A SMS will be sent providing the password for access.
- All users of information resources will be provided a unique User ID and authorisation from the system owner to access Sm8rtHealth’s information assets.
- All users will be provided with documentation of their access rights and terms of use.
- No users shall be granted access to any system prior to completing all authorisation steps.
- A record of all registered users will be maintained and checked periodically for unused, redundant, or expired user accesses or accounts, or incorrect privileges.
Redundant User ID’s
- Will not be re-issued to new users.
- New accounts that have been unused for 14 days will be disabled.
- The user accounts of personnel leaving the employ of Sm8rtHealth or it’s service providers will be removed immediately upon leaving.
- Third-party personnel requiring access to Sm8rtHealth’s systems must follow Third Party Access Authorisation procedures for user registration.
Review of user access rights
User access rights will be reviewed every 6 months. A review of all special privilege access rights will be carried out annually, or as required.
Management of user privileges
User privileges will be managed as follows;
- All user privileges must be assigned through a formal authorisation procedure
- Sm8rtHealth will ensure that no privileges are assigned before the completion of such procedure
- All privileges will be allocated on an ‘as required’ basis.
