AstraZeneca Global Request for Service, Special - Single Purpose and Special - Testing Account Access. Form should be used for new, changes and when requesting privilege access to Service accounts, Special / Single Purpose accounts and Special - Testing accounts only (see mandatory settings on page 2) O Mailbox, Internet or My Documents access are not allowed. Any exceptions require Security approval O These accounts are never to be used as a Shared User ID O The password should be known by the account owner and approved deputy
AstraZeneca Global Request for Service, Special - Single Purpose and Special - Testing Account Access. Form should be used for new, changes and when requesting privilege access to Service accounts, Special / Single Purpose accounts and Special - Testing accounts only (see mandatory settings on page 2) O Mailbox, Internet or My Documents access are not allowed. Any exceptions require Security approval O These accounts are never to be used as a Shared User ID O The password should be known by the account owner and approved deputy
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online from Scribd
AstraZeneca Global Request for Service, Special - Single Purpose and Special - Testing Account Access. Form should be used for new, changes and when requesting privilege access to Service accounts, Special / Single Purpose accounts and Special - Testing accounts only (see mandatory settings on page 2) O Mailbox, Internet or My Documents access are not allowed. Any exceptions require Security approval O These accounts are never to be used as a Shared User ID O The password should be known by the account owner and approved deputy
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online from Scribd
Service, Special - Single Purpose and Special - Testing
Account Access
Copyright IBM 2009, 2011. All rights reserved. Page 1 oI 4 Template: AZ-Global-TMP-0256-V03.00 Parent Document: AZ-Global-WI-0287
Important Instructions and ResponsibiIities
O This form should be used for new, changes and when requesting privilege access to Service accounts, Special Single Purpose accounts and Special - Testing accounts ONLY (see mandatory settings on page 2) O Mailbox, nternet or My Documents access are not allowed. Any exceptions require Security approval O These accounts are never to be used as a Shared User D O These accounts are not to be used for individual log on. However for specific exceptions, please see the mandatory settings on page 2 O BM Global Access Support Enterprise must be informed of any intended change of use and/or ownership of the account O The password should be known by the account owner and approved deputy only O A record must be kept of these named individuals O All AstraZeneca personnel using this account have read the AstraZeneca Computer Usage Policy (click here for the AZ Computer Usage Policy link) O All BM personnel using this account have read the BM Business Conduct Guidelines Note: IBM Global Access Support Enterprise team will maintain a record of the account details, the owner and deputies.
Routing and ApprovaI Instructions
1. This form should be completed by the account owner (or the account deputy) to verify account owner responsibility.
2. To avoid delay, please verify all mandatory (*) fields are populated.
3. When completed, this form (with the full business justification for access) should be sent for approval to the following persons. f there are no exceptions or privileged access requested, then account owner approval onIy is necessary:
AstraZeneca staff/contractors/IBM NOC: 1st level = Line/Task Manager 2nd level = AZ Application Service Manager/System Owner or Local S Security Manager (LSSM)
AstraZeneca 3rd parties/partners (non IBM NOC): 1st level = On-boarding team (obtains and confirms the Line/Task Manager approval) 2nd level = On-boarding team (obtains and confirms the Application Service Manager/System Owner or Local S Security Manager (LSSM) approval)
Note: The e-mail approval should include, the fully completed form as an attachment, and is required from each of the 1st and 2nd Level approvers above. It should include the Approvers job title and confirmation that all items on the form have been read, understood and agreed. If you are still unsure on where to send this form, to obtain approval, please contact your Local IS Security Manager (LISSM). Click here for the IS Security Managers List.
4. Once approved by the 1st and 2nd Level approvers above, the completed form and full e-mail trail is to be sent to your regional BM T Service Desk. $eden: TServicedeskSweden@astrazeneca.com UK: itsd@astrazeneca.com U$: usuwhelpdesk.azcscfishkill@astrazeneca.com ROW: BangaloreROWTServiceDesk@astrazeneca.com
5. BM T Service Desk will issue an ncident Request. O f privileged access is requested, they will forward the completed and approved request, for 3rd Level approval (of the relevant Pharos request raised) to the BM System/Service owner for approval.
Note: The Pharos request is raised by the IBM Global Access Support Enterprise, Bangalore. Please retain your Incident Request Number should progress tracking be required with the IBM IT Service Desk. If there is no related incident ticket or completed form attached to the ticket, your request will be rejected.
6. Satisfactory approval will result in access being granted and you will be informed when this has been completed.
AstraZeneca Global Request for Service, Special - Single Purpose and Special - Testing Account Access
Copyright IBM 2009, 2011. All rights reserved. Page 2 oI 4 Template: AZ-Global-TMP-0256-V03.00 Parent Document: AZ-Global-WI-0287
Mandatory settings required for $ervice, $peciaI - $ingIe Purpose and $peciaI - Testing accounts
Special - Single Purpose (Account Type 33)
O A shared account with some privilege. O Should only be used for specific purposes O Owner's PRD should be recorded. O Additional business processes are normally required to fully implement these types of account.
Example - Software installer; created as part of software install process.
Special - Testing (Account Type 34)
O Should have minimum essential access only, dependent on testing purpose O Account expiry must be set for up to 1 year only O Owner's PRD should be recorded.
Example - Specific testing purpose.
Service (Account Type 63)
O Should not be used by individuals, but can be logged onto for emergency problem diagnosis purposes. O Password can be fixed. O May be set to 'Never Expires' O Renaming may not be possible. O May not be able to use PRD if name cannot be changed. O Change management of scheduled activities must be maintained and reviewed. Special detection rules apply. O Owner's PRD should be recorded. O Additional business processes are normally required to fully implement these types of account.
Example - Day to day operational use for scheduled activities; e.g. backup of servers. nstalled by facilitating software. Note: the term 'Service' here refers typically to an internal software service rather than a general T service. Accounts used to manage or support an T service like a service desk or application support service should instead use the account type Shared general, or Mail General for resource/functional mailboxes.
AstraZeneca Global Request for Service, Special - Single Purpose and Special - Testing Account Access
Copyright IBM 2009, 2011. All rights reserved. Page 3 oI 4 Template: AZ-Global-TMP-0256-V03.00 Parent Document: AZ-Global-WI-0287
!lease verify the * mandatory fields are populated Request DetaiIs
Service Account Special Single Purpose Account Special - Testing Account
New account Change account
Account Name* max. 30 characters) Request date* dd-mmm-yyyy) ProcessAndTools 26-Sep-2011 Account Prid leave blank if to be allocated by IBM) Domain* e.g. EMEA, RD etc...) astrazeneca.net Account Oner* Prid* Ruane, Edward kljp858 Deputy 1* Prid* ornman, Reid ksjb522 Deputy 2 Prid Orchard, James kfxt054 Deputy 3 Prid Mageshwaran, Shanker kkql822
ogon restricted to the foIIoing equipment* !lease specify any servers /workstations that the account logon should be restricted to.)
AdditionaI Access* !lease specify any !haros profiles and/or AD groups/servers required. When stating any privilege access. Do not under any circumstances ask for higher privileges than necessary.) XAZ-SD Application Deployment, XAZ-Global Client Administrators Purpose of the account* !lease explain why the account is needed and the function it will provide. Verify that no other solution than the account type requested is available.) This application will be used by the Client Refresh Process and Tools team. The account will serve 2 purposes: 1. t will be used by a scripted job that advertises the Vista SP2 packages to end users (XAZ-SD Application Deployment) 2. t will be used by a scripted job that scans end user machines to verify upgrade files are on a users machine and also confirm when the user completed the upgrade (XAZ- Global Client Administrators) Business Justifcation* !lease provide a business justification for why this access is required. Include as much supporting information as possible.) The Vista Service Update Program (run by Client Refresh) is responsible for upgrading all in scope Vista machine to SP2. This process requires the advertisement of the application and verification ot its installation. Comments* !lease specify for example why additional access is needed or why any changes are required to the account.)
Approver DetaiIs
AstraZeneca Global Request for Service, Special - Single Purpose and Special - Testing Account Access
Copyright IBM 2009, 2011. All rights reserved. Page 4 oI 4 Template: AZ-Global-TMP-0256-V03.00 Parent Document: AZ-Global-WI-0287
Authorising Line/Task Manager name* PRD* Brian Grubb kzp397 Application Service Manager/System Owner or Local S Security Manager name* PRD* Joseph M Kuss kIkm986
As approver for PriviIeged access, I have read and understood the foIIoing:
O All privileged access to systems, servers and applications is a risk to AstraZeneca. O Privileged Access is granted to a limited number of individuals only on the basis of need. O BM may not be liable for system integrity issues in this system related to the use of this access. O Privilege access should not be any higher than is needed to perform the business tasks according to business justification.
Note - an approval from each of the following sections must be provided in the email trail Approved by Authorising ine/Task Manager
* hereby confirm that the requested permission is necessary in order for the applicant to carry on their job. have informed the applicant to follow the rules for S personnel defined in the AZ Unified ntegrated Assurance Standard (click here for AZ Unified ntegrated Assurance Standard link) and that applicant shall follow AstraZeneca's policy and Change management process. will immediately follow the appropriate process for the removal of this privileged access should it no longer be required. our agreement is your approval e-mail with associated date, please send to regional IBM IT Service Desk as instructed at the top of this form)
Approved by AppIication $ervice Manager/$ystem Oner or ocaI I$ $ecurity Manager not needed when application regards termination of existing permissions) * confirm that am in agreement with this request for the high level of access required to the system, service or application. our agreement is your approval e-mail with associated date, please send to regional IBM IT Service Desk as instructed at the top of this form)