Schibsted maintains control of the access to information, premises, IT Solutions, network elements, and other assets based on business needs such as security, legal and contractual needs.
Schibsted greatly ensures access rights are granted only on a personal “need to have” basis and according to responsibilities and duties. Simply the right person, having the right access, at the right time, and for a legitimate purpose. Access must be granted based on the principles of least privilege.
Regular updates and controls are implemented for the access control systems. Access is controlled to prevent unauthorized access or trespass.
Schibsted has internal requirements to ensure that groups of information processing facilities and users are segregated in the IT solutions and networks to support legal, contractual, and business requirements and protect Schibsted against major service disruptions, incidents, or fraud. The line organization is responsible for implementing access control in ordinary operations and managing and following up procedures.