<! --- SPDX-License-Identifier: CC-BY-4.0 -- >
Operations sufficient for preventing data processing systems from being used by unauthorised persons should be in place depening on the deployment scenario. Logical access controls should be designed based on authority levels and job functions. Granting access should be given on a need-to-know and least privilege basis, where it is restricted to authorised employees responsible for the job. The use of unique IDs -identified through SSO- and passwords for all users is adapted, including a periodic review and revoking access when employment terminates or changes in job functions occur. Technical and organisational measures thay you should take into account involve; username and password protected systems, intrusion detection facilities, use of Virtual Private Networks (VPNs) for remote access, firewalls, intrusion Detection System (IDS), user permission management, information security policy, work instruction of IT user regulations, operation security and access control.