Log-On Policy

Log-On Policy

Introduction

anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events and  has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC/27001:2013, the international standard for information security.
The purpose of this document is to describe anDREa’s Log-On Policy in which the Password Policy is a subset.
This document will be updated at least annually and when significant change happens. 

Log-On Policy

Scope

The scope of this policy applies to all personnel who have or are responsible for an account that has access to any service and system of anDREa. Notably this consists of accounts of anDREa personnel registered under the ‘andrea.org’ domain. This policy also applies to accounts from tenant domains where enforceable. Accounts of end-users are not included in this scope though their guest-account in the anDREa AAD is.

Password Policy


Multi-Factor Authentication Policy

  1. Usage of multi-factor authentication is required for all accounts
  2. CTO can make exceptions these are documented in Policy Exceptions

Access Policy

All traffic must use of encrypted access paths (TLS based network encryption)

    • Related Articles

    • Privacy Policy

      Introduction anDREa is committed to be GDPR Compliant and protect the data and privacy of all stakeholders. The purpose of this document is to describe anDREa’s Data Handling Policy. The rules for acceptable use must take into consideration ...
    • Password Policy

      Introduction anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events and  has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC/27001:2013, the ...
    • A.14.2.1 Secure development policy

      Version: 3.0 Valid until: 2025-04-10 Classification: Low Version Management Version Author(s) Change(s) Date approved 1.0 Stefan van Aalst Edward Robinson Sarang Kulkarni Johanna Hakonen Initiation document 2022-07-07 1.1 Edward Robinson ...
    • AI/LLM Use Policy

      Version: 1.0 Valid until: 2025-03-26 Classification: Low Version Management Version Author(s) Change(s) Date approved 1.0 Stefan van Aalst Edward Robinson Initiation document 2024-03-26 Purpose & Background anDREa B.V. (hereafter called anDREa) ...
    • ISO 27001 - Overview & Statement of Applicability

      Introduction This page is the stepping stone to all ISO 27001 related policies and procedures. anDREa's Access Control Policy applies. Some documents, records especially, might not be accessible. Authorized access will be issued based on invitation ...