We have now discussed the first two A’s: Authentication and Authorization. The third A stands for Accountability which establishes the reasons and source for changes, activations, additions, deactivations and deletions. This is accomplished by means of audit trails and logs that identify Who, What and When.
Some accountability processes such as policies and tickets also document the reasons why actions are performed, what changes are made and by what authority they are approved. Accountability is a significant and vital requirement for security and risk mitigation.
Each of the previous articles gave attention to the role and importance of Accountability. Hiring, training, granting or revoking access, and employee management should all be accompanied by a documented chain of custody and authorization. This documentation takes the form or company policies, job descriptions, documented training regimens, and the use of tickets or cases to add, change or terminate access. Chain of custody and authorization is accomplished using historical records that require approvals by multiple and appropriate parties and data owners. Material and critical functions, such as the granting of access to critical systems, should never be done without documentation, audit trails and processes that do not engage multiple parties.
Within the inContact ACD solution, Accountability is critical to the secure operation of our customers business. inContact maintains a history of adds, changes, deactivations and agent logins. As the leading Cloud provider of hosted contact center solutions, the Triple AAA’s of Security are part of inContact’s Defense in Depth strategy to ensure your data, your business, and your customers are protected.