LogoLogo
  • TRUST CENTER
    • Trust Center Syntphony
    • Security
      • Security Organizational Model
      • Security Governance Approach
      • Security Risk Management
      • People Security
      • Identity and Access Management
      • Secure Software Development
      • Acceptable User of Assets
      • Security Operations & Security Incident Management
      • Security in IT Operations
      • Physical Security
      • Suppliers Security Management
    • Conformity
    • Business Continuity
      • Business Continuity Approach
    • Support Model
      • Customer Support Policy
        • Support Plans
          • Support Case Severity
          • Support Limitations
          • Technical Account Manager
        • Value Added Services
          • Product Upgrade Plan
          • Case Escalation
          • Lifecycle Policy And Legacy Support
          • Proactive Business Monitoring
      • Service Level Agreements
        • Definitions
        • Customer Obligations
        • Service Credits
          • Maximum Financial Credit
        • Exclusions
      • Pricing
  • PRODUCTS
    • Compliance Management
      • Infrastructure
      • Conformity
      • Support Model
        • Customer Obligations
        • SLA Subscriptions
          • Services
          • Incident
          • Service Request & change Management
          • System availability
          • Limitations
          • Definitions
          • Overarching services
          • Sandbox workspace
        • Business Continuity
        • Security
    • Content Services
      • Privacy
        • Manages Privacy - SaaS
        • Manages Privacy - On Premise
      • Infrastructure
      • Conformity
    • Conversational AI
      • Privacy
      • Infrastructure
      • Conformity
    • Employee Intranet
      • Infrastructure
      • Conformity
    • Immersive Experiences
      • Privacy
        • Meta Privacy Notice
        • Meta Privacy Notice - NAKA
      • Infrastructure
      • Conformity
    • Intelligent Automation
      • Privacy
      • Infrastructure
      • Conformity
    • Intelligent Document Processing
      • Privacy
      • Infrastructure
      • Conformity
    • Knowledge Search
      • Privacy
      • Infrastructure
      • Conformity
    • Learning Tech
      • Privacy
      • Infrastructure
      • Conformity
    • Loyalty
      • Privacy
      • Infraestructure
      • Conformity
    • Mobility Management
      • Privacy
      • Infrastructure
      • Conformity
    • Operation Transformation Strategy
      • Infrastructure
      • Conformity
    • Payments
      • Privacy
      • Infrastructure
      • Conformity
    • Perfect Store
      • Infrastructure
    • Pricing Management
      • Infrastructure
    • Process Management
      • Privacy
      • Infrastructure
      • Conformity
    • Sales
      • Privacy
      • Infrastructure
      • Conformity
    • Security Privacy and Integrity Platform
      • Infrastructure
    • Short-term Power Trading
      • Privacy
      • Infrastructure
      • Conformity
    • Smart Multi-cloud Management
      • Privacy
      • Infrastructure
      • Conformity
    • Stations
      • Privacy
      • Infrastructure
      • Conformity
    • Virtual Care
      • Privacy
        • Manages Privacy - SaaS
        • Manages Privacy - On Premise
      • Infrastructure
      • Conformity
Powered by GitBook

About us

  • Syntphony website
  • NTT DATA Syntphony solutions

Syntphony © NTT DATA Spain, S.L.U 2025 - All rights reserved

On this page

Was this helpful?

Export as PDF
  1. TRUST CENTER
  2. Security

Identity and Access Management

The roles and responsibilities related to identity and access management are defined for Corporate Security, System Administrator, System Owners and End Users in the Identity and Access Management Standard.

Security requirements for end user accounts, privileged user accounts, break-glass user accounts and service/application accounts are also established, including aspects such as account differentiation, uniqueness, traceability, validity, access rights, lockout policy, deactivation and deletion.

Access to corporate resources is only allowed via encrypted communication channels with multi-factor authentication. It also lists the accepted authentication methods, such as password, PIN and biometric factors. The security requirements for password and PIN creation, complexity, expiration and history are defined.

Access rights management processes are guided by the "need to know" and "least privilege" principles.

Privileged accounts and access rights go through a formal request and approval process.

All accounts and access rights are reviewed at least annually to determine if they are still needed or not.

PreviousPeople SecurityNextSecure Software Development

Last updated 4 months ago

Was this helpful?