1. Knowledge Base
  2. Cybersecurity
  3. Lex Mundi Core Standards and Recommended Practices

Information Access Control - role-based access

Policy - and software to enable - the provision of accounts and manage access

 

Role-based access control for confidential information

":Law firms often deal with highly secure client information, and need to ensure that this information is kept safe from both outside hackers and unauthorized employee access inside the company. One way to ensure this is to have proper access management in place. This means that some type of policy to provision accounts and manage access is put into place with the possibility of a solution to assist.

There needs to be a guideline or policy of how accounts should be set up, named, and exactly what positions in the organization should have access to which resources. This allows the firm to ensure that when an account is set up, the newly hired employee has the exact resources and access rights that they need without being accidentally given too many, or too few, access rights.

An automated account management solution with role-based access control (RBAC) can also be of assistance so that this policy can be ensured and so that an employee does not need to manually perform account provisioning changes."

Source: http://www.lawtechnologytoday.org/2016/05/account-password-security-law-firms/