Our team members are required to enter two or more credentials to authenticate their identity, such as username and password, and a token number as secondary authentication.
We implement MFA as and when required, and this is based on risk levels. For example, an MFA is required when:
- administrative staff need access to IT systems
- employees need to access our IT systems using the Internet, such as when working remotely
Role-Based Access Control (RBAC): we provide access rights to employees based on their role within the organisation. Controlled by RBAC, they only have access to the information they need to perform a specific function.
Access to IT systems and applications are approved by the owner of the IT systems, and at times by the Information Security team. Access rights are checked and validated periodically, and access is removed if the employee leaves or changes their role within Southern Cross.