Guideline 30. Comprehensive access control system
The institution implements a comprehensive system to control access to technological equipment and devices and software systems.
This includes mechanisms for data access control, endpoint access control, authentication and identification, user privilege management, network access control, password management and logs.