Security Management System
1. Each User is responsible for any data entry emanating from his User Id.
2. Access Bank’s security policy requires only authorized users to make use of the
Bank’s Hardware, Software, and other accessories.
3. No user may use any other User’s account with or without that User’s permission.
4. Any process done on the system carries the user-id of the person that logged into
the system with it. Hence any problem will be traced to the particular user.
5. Do not leave your workstation unattended. The user must always log out of the
system before leaving the workstation.
6. Each User should change his/her password every thirty days, or earlier if he/she
considers it compromised, and notify the Inspection department. Passwords are
expected to be changed every 30 days. If passwords are not changed, access may
be denied and the User will be required to contact the Inspection department to
obtain a new password.
7. If you forget your password, you must forward an authorization letter, endorsed
by your department head, to the Inspection department to reset the password.
8. After three (3) unsuccessful login attempts, the system will automatically disable the
user ID concerned and the workstation on which it is attempted. A log of all login
failures is generated for security review.
9. Each time you log in to the system, always review the last login date & time (and,
if any, invalid login). Report promptly to the Inspection department if it does not
correspond with the last time you logged on.
10. When going on leave, notify the department so that your user ID is deactivated.
11. On return from leave, notify the department through your group Head to activate
your user ID.
12. You cannot use ten previous passwords.
13. After twenty cumulative unsuccessful attempts your User Id would be disabled.
14. After one hundred and twenty seconds of inactivity, the system will log you out.
www.accessbankplc.com
15. A password should have a minimum of six characters and a maximum of eleven
characters.
16. You cannot use the following types of passwords (i.e. restrictive passwords):
Bank level: Applicable to all the users of the system, e.g. name of bank, city, country
etc.
User role level: Applicable for all the users doing a similar kind of role. For example
names, or terms that are commonly used in the department.
User Level: A list of prohibited passwords shall be maintained for each user. These
passwords are generally names, words that can easily be associated with the user.
For example, the name of the user’s spouse, car number, telephone number, date
of birth etc.
Software
Users shall use only legal versions of copyrighted software in compliance with
vendor license requirements.
Users shall not copy any of the bank’s application for use on another computing
resource without written consent of the Systems Control & Documentation Unit.
Users shall not copy any of the bank’s application or data for use on a non-
computing resource without the written consent of the Systems Control &
Documentation Unit.
Users shall not copy any non-owned application or software to any of the bank’s
computing resource without written consent of the Systems Control &
Documentation Unit.
Users shall be responsible for appropriate disposal of unwanted output materials
from any computing resource. Management shall ensure that facilities are made
available to appropriately dispose of unwanted materials produced from a
computing resource, e.g. Shredder.
E-mail
Access Bank’s E-mail system shall not be used to send fraudulent, subversive,
harassing, obscene, threatening, or other unlawful messages.
Users shall not create, send, or forward multilevel marketing or prank letters (chain
letters, pyramid selling schemes, etc.).
E-mail shall be used for the bank’s official business related communications only.
2. Downloading any games or non-business applications.
3. Participating in any Internet non-business activities, newsgroups, or games.
1.3 Compliance
Management will communicate all specific standards, procedures, and guidelines
supporting this policy to all employees. Management will also use them as a basis for
compliance monitoring, reporting and review. Failure to comply with security policies,
procedures, guidelines, and standards constitutes improper conduct and will be
handled in accordance with personnel policies concerning disciplinary action at the
sole discretion of Access Bank’s management.
1.4 Monitoring
Access Bank’s Management, Information Technology and Inspection department have
the right to monitor all activities associated with the use of the bank’s IT assets and
resources. Anyone using the bank’s IT assets and resources consents to such
monitoring and is advised that if such monitoring reveals possible evidence of criminal
activity, Inspection personnel may provide the evidence of such monitoring to law
enforcement officials. Management, as a basis for disciplinary actions, may also use
the evidence of such monitoring.
Access Bank reserves the right to monitor and inspect all applications and data located
on the bank’s computing resources. This includes, but is not limited to e-mails, text
documents, graphics, and applications. All applications and data located on the bank’s
computing resources shall be considered the property of Access Bank or that of a
contracted Third Party Vendor. As such, management and Information Technology and
Inspection department may monitor, inspect, copy, and delete any application or data
located on such computing resources. Contracted Third Party Vendor applications will
be handled in compliance with established vendor licensing requirements.
the severity and context of the incident and will follow the disciplinary procedures of the
bank. The Inspection department may deny or revoke computing privileges at any time.
Security privileges may be restored only after consultation between the Inspection and
Access Bank’s senior management personnel.
Individual Security Policy Disclosure
ATTACHMENT A
I hereby verify that I have read, understood, and will follow all security policies outlined
in the - Information System Security Policy document. I understand that any
violation of such policies may result in legal and/or disciplinary action.
____________________________ ______________________
Requester Name Requester Signature & Date
__________________________________________
Company Name (If not direct employee)
PASSWORD SECRECY UNDERTAKING
Having been assigned an ID to operate the bank’s computer system, I undertake that:
A I will keep my password to myself and would not share it with another employee of
the bank and/or an outsider.
C In case where I have been/will be provided with more than one ID, I would not use
one to check/approve my own work. I fully understand that this is in violation of the
bank’s basic policy that “no one rank, title or function will process a specified
transaction from initiation to final authorisation”.
D I fully understand that because of any failure on my part to fulfil the above, any
disciplinary action can be taken against me including the termination of my services
from the bank notwithstanding the terms and conditions laid down in my employment
contract.
NAME: ----------------------------------------------------
SIGNATURE: -------------------------------------------
DATE: ----------------------------------------------------