Page 57 - Ipsos
P. 57
Information Classification: Internal Use
Ipsos Book of Policies & Procedures
6.2.3 E-mail account management
The Global Access Management Policy prescribes how to:
- Track the actions of custodians and users;
- Create Access Rights profiles assuring that there exists clear role segregation
between profiles (example: segregation between development accounts, quality
control accounts, production accounts, administrative accounts etc.);
- monitoring the design and operations of systems to ensure that the policy is
followed;
- Create Access Rights Profiles using the Access Rights Profile form;
- Review granted Special Access Rights once at 6 months;
- Review Access Rights Profiles once at 6 months;
- Communicate to the stakeholders the updated access rights matrixes;
- Ensuring that access privileges to their resource are removed for users or
custodians who routinely disregard their policies.
The Global Access Management team:
- Manages email accounts according to the requirements of present policy;
- Setups E-mail account generic OOO message
- Setups E-mail data access, via discovery mailbox for maximum 30 days to line
manager or delegated stuff;
- Setup legal hold according to the requirements of the current policy set in section
6.2.4.
6.2.4 Legal Hold and internal investigation
For compliance to litigation requests or for internal investigations, legal hold may be applied to
current or departed users E-mail accounts. Authorization to apply a legal hold, other than the
ones explicitly defined in this policy, may only come from:
- Group CFO
- Group Legal Counsel
- Group Internal Audit Director
- Group CIO
- Global Information Security Director
Page 17 of 22
