Log-On Policy

Log-On Policy

Introduction

anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events and  has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC/27001:2013, the international standard for information security.
The purpose of this document is to describe anDREa’s Log-On Policy in which the Password Policy is a subset.
This document will be updated at least annually and when significant change happens. 

Log-On Policy

Scope

The scope of this policy applies to all personnel who have or are responsible for an account that has access to any service and system of anDREa. Notably this consists of accounts of anDREa personnel registered under the ‘andrea.org’ domain. This policy also applies to accounts from tenant domains where enforceable. Accounts of end-users are not included in this scope though their guest-account in the anDREa AAD is.

Password Policy


Multi-Factor Authentication Policy

  1. Usage of multi-factor authentication is required for all accounts
  2. CTO can make exceptions these are documented in Policy Exceptions

Access Policy

All traffic must use of encrypted access paths (TLS based network encryption)

    • Related Articles

    • Privacy Policy

      Introduction anDREa is committed to be GDPR Compliant and protect the data and privacy of all stakeholders. The purpose of this document is to describe anDREa’s Data Handling Policy. The rules for acceptable use must take into consideration ...

    • Password Policy

      Introduction anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events and  has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC/27001:2013, the ...

    • ISO 27001 - Overview & Statement of Applicability

      Introduction This page is the stepping stone to all ISO 27001 related policies and procedures. To view the complete ISMS and all related documentation visit looker studio. anDREa's Access Control Policy applies. Some documents, records especially, ...

    • anDREa B.V. obtains ISO 27001 certification

      Version: 2022-09-15 TL;DR: anDREa B.V. obtained ISO 27001 certification. Feel free to download the certificate (attached at the bottom). Introduction anDREa B.V. is committed to protecting the security of its business information in the face of ...

    • AI/LLM Use Policy

      Version: 1.0 Valid until: 2025-03-26 Classification: Low Version Management Version Author(s) Change(s) Date approved 1.0 Stefan van Aalst Edward Robinson Initiation document 2024-03-26 Purpose & Background anDREa B.V. (hereafter called anDREa) ...