Purpose:
The purpose of this Access Control Policy is to establish guidelines for requesting, approving, and monitoring access to Rundoo’s software and hardware assets. This policy ensures that access is granted on an “as-needed” basis to support business operations while maintaining data security, regulatory compliance, and system integrity.
Scope:
This policy applies to all Rundoo employees, contractors, and any third parties with authorized access to Rundoo’s software applications, systems, and devices.
Policy:
- Access Request
  - Initiation: Access to software, systems, and devices must be requested by the employee or contractor’s manager based on the individual’s job responsibilities and business needs.
  - Request Submission: Requests must be submitted through Rundoo’s designated access management system or, where unavailable, in writing to the IT and Security Team for tracking and auditing purposes.
  - Eligibility: Access requests are reviewed to ensure they align with the user’s role and level of access required for their responsibilities.
- Access Approval
  - Approval Process: All access requests must be reviewed and approved by both the requestor’s manager and the IT and Security Team.
  - Principle of Least Privilege: Access is provisioned based on the principle of least privilege, granting users only the minimum access necessary to perform their roles.
  - Documentation: Approved requests are documented, including justification, access levels granted, and the approvers’ identities, to ensure an audit trail and compliance with security policies.
- Access Provisioning
  - Software and Systems: Access to applications, databases, and internal systems is provisioned by the IT and Security Team upon approval and configured to match the specified access level.
  - Devices: Device access, including laptops, tablets, and other company-owned hardware, is issued by the Operations team upon approval and tracked in the asset management system.
  - Single Sign-On (SSO): Where available, access to SaaS applications and systems is provisioned through Google’s Single Sign-On (SSO) to centralize authentication and improve security.
  - Multi-Factor Authentication (MFA): Multi-factor authentication is required for access to all high-risk systems to provide an additional layer of security beyond passwords. This includes sensitive databases, production environments, and any other systems deemed critical by the IT and Security Team.
  - Password Requirements and Management: Rundoo enforces platform-based password requirements for all accounts, and all passwords must be managed in 1Password to ensure security and centralized control. Inactivity lockouts are enabled where appropriate to reduce the risk of unauthorized access to unattended systems.
- Ongoing Access Monitoring
  - Periodic Reviews: Access levels are reviewed quarterly to verify continued necessity based on the user’s role and responsibilities. Access may be modified or revoked if no longer required.
  - Real-Time Monitoring: DataDog and Google Cloud Monitoring are used to detect unauthorized access attempts or unusual activity on production systems, with automated alerts sent to the IT and Security Team.
  - Deprovisioning: Access is immediately revoked upon employee or contractor exit, role change, or other business-related adjustments. All access credentials and device assignments are documented and terminated in alignment with offboarding procedures.
- Policy Amendments and Exceptions
  - Policy Revisions: Rundoo retains the right to amend this policy as needed to adapt to evolving security threats, business requirements, or regulatory changes.
  - Exceptions: Any deviations from this policy require documented approval from the IT and Security Team, with justification and a timeline for compliance.
Compliance:
All Rundoo personnel are required to comply with this policy. Non-compliance may lead to disciplinary action, up to and including termination of employment or contract.