User access for IT systems

20 September 2019
The Department of Health and Human Services requires funded agencies to ensure that users accessing IT systems to record sensitive client data and information are current and authorised at all times.

Agencies should be diligent in ensuring processes and checks are in place for regular monitoring and audits of user access. Appropriate controls to consider include the determination of roles and privileges, the management of staff role changes and the removal of system and internal access for staff who have ceased employment.  Staff should also be aware of the acceptable use of these systems when authority has been granted.