Information Security Policy

Domain: Expiry Policy

EXPIRY POLICY

Confidential - Internal Use Only

Page 1 of 4
 Information Security Policy
Domain: Expiry Policy

Table Of Contents
1 Purpose...............................................................................................................................3
2 Policy Statement..................................................................................................................3

Confidential - Internal Use Only

Page 2 of 4
 Information Security Policy
Domain: Expiry Policy

1 Purpose
In accordance with industry ‘best practices’ and to comply with numerous compliance
regulations, The company has prepared various Information Security policies and procedures
which are intended to protect the confidentiality, integrity and availability (CIA) of their critical
client data and their computing resources. This document describes the role of the Chief
Information Security Officer (CISO) at The company in defining and administering these
policy and procedures..

2 Policy Statement
The following table maps basic user privileges and expiration of those privileges.
Classification Privileges Expiry
Regular Full-Time Employee  Company based desktop PC with Date of termination of employment.
approved software suite.
(General)  IP account for electronic mail and Web
browsing (including intranet).
 Access to shared work server and
main shared applications server.
 VPN access to above services.
Regular Full-Time Employee  Company laptop computer and Date of termination of employment.
docking station.
(sales)  IP account for electronic mail and Web
browsing (including intranet).
 Access to shared work server and
main shared applications server.
 VPN access to above services.
Part-Time Employee  Company based desktop PC with Date of termination of employment
approved software suite.
 IP account for electronic mail and Web
browsing (including intranet).
 Access to shared work server and
main shared applications server.
Intern  Company based desktop PC with Official end date of internship.
approved software suite.
 IP account for electronic mail and Web
browsing (including intranet).
Contract Worker  Company based desktop PC with Official end date of contract.
approved software suite.
 IP account for electronic mail and Web
browsing (including intranet).
 Access to shared work server and
main shared applications server.
Former Full-Time Employee  IP account for THE COMPANY One year (renewable) from retirement

Confidential - Internal Use Only

Page 3 of 4
 Information Security Policy
Domain: Expiry Policy

(Retired) electronic mail. date.

Supplier/Business Partner  THE COMPANY Extranet account. Date of termination of partnership or
contract.

The above privileges represent the allowable minimum. The affected Department Manager, the
THE COMPANY IT Department, and the Human Resources Manager must approve any
additional privileges, or extension of expiry date. All extensions of expiry must be of limited
duration, with a clearly indicated term and end date.

Confidential - Internal Use Only

Page 4 of 4