Access Control and Identity Management
At GlobalSuite Solutions, we have a robust framework for access control and identity management, aligned with security best practices and regulatory requirements such as ISO 27001, ENS, and SOC2. Our approach is designed to ensure that only authorized users access the information necessary for their job functions, always adhering to the principle of least privilege.
Corporate Access Control Policy
We have a formal corporate policy that regulates access to information systems and establishes controls such as:
-
Granting permissions under the principle of least privilege.
-
Periodic review of accounts and permissions.
-
Remote access control and implementation of enhanced authentication.
-
Systematic monitoring and auditing of access.
Multifactor Authentication (MFA)
Access to our infrastructure is protected through multifactor authentication (MFA), with additional controls applied both to corporate service access and user logins. These mechanisms combine different authentication factors to ensure that only authorized users securely access the systems.
Unique Identifiers
All corporate users have unique and personal identifiers. Shared accounts are not used under any circumstances.
Encrypted Remote Access
All remote access to corporate systems is conducted through encrypted channels, using VPN over TLS to ensure confidentiality and integrity.
Access Logging and Auditing
Both successful and failed login attempts are logged, including information such as date and time. These logs are primarily centralized in our corporate identity manager, facilitating their auditing and analysis.