01233 743 240

Access Control Policy

1. Purpose

This policy defines how Flowbird Ltd controls access to information systems and data to ensure that access is restricted to authorised users only and based on business need.

2. Scope

This policy applies to all users (employees, directors, contractors, and third parties) and to all systems, applications, networks, and data used or managed by Flowbird Ltd, including cloud-based services.

3. Access Principles

  • Access is granted on the principle of least privilege and need-to-know.

  • Users are only provided access necessary to perform their role.

  • Access rights are approved by appropriate management.

4. User Account Management

  • Each user is provided with a unique user account.

  • Shared accounts are not permitted except where technically unavoidable and formally approved.

  • User access is reviewed periodically.

  • Access is removed promptly when no longer required or upon termination of employment or contract.

5. Authentication and Credentials

  • Appropriate authentication controls are used to protect user accounts.

  • Users must protect passwords and authentication credentials and must not share them.

  • Multi-factor authentication is implemented where supported by systems and services.

6. Privileged Access

  • Administrative or privileged access is restricted to authorised individuals.

  • Privileged access is used only for approved administrative purposes.

  • Use of privileged accounts is monitored where technically feasible.

7. Remote and Third-Party Access

  • Remote access to systems is controlled and secured.

  • Third-party access is granted only where necessary and subject to appropriate security controls.

  • Third-party access is reviewed and revoked when no longer required.

8. Monitoring and Review

Access controls are reviewed periodically to ensure continued appropriateness and effectiveness.

9. Non-Compliance

Failure to comply with this policy may result in disciplinary action or contractual remedies.

Approved by: Senior Management
Organisation: Flowbird Ltd
Review cycle: Annual or upon significant change