ACCESS CONTROL SYSTEMS ARE AN ESSENTIAL PART of any organization. An access control system protects both the organization and its users. Limiting who can have access to certain documents, computer systems, or applications but ensuring those who need full access have it is a security measure that needs to be developed and continuously tested.

Identifying and implementing an access control system can be challenging. This chapter addresses how policies, standards, guidelines, and procedures help you implement and maintain an access control system. The procedures you create should be easily understood by those implementing them and the users who must abide by them.