Measure No. 5

Employees and their roles

Detailed checklist, divided into organisational and technical points.

  • Define who is in charge of IT
  • Define the role concept
  • Define the access rights for each employee
    1. Which employees can access which folders?
  • Check and restrict management access rights as well
  • Check the (local) administrator access
  • Change default passwords
  • Define the processes for when employees join and leave the company
  • Create password rules for employees
  • Link the defined roles to the access rights and restrict them accordingly

Why do all of this?


Your guarantee for secure, functioning IT.
Who can access which data? Those responsible have to ask themselves this question not only for security reasons, but also because of various legal requirements. After all, confidential figures or information should not be accessible to just anyone, not even to trustworthy people like your employees. But the devil is in the details. First of all, you need to consider how your data should be structured in a meaningful way. Especially if the data is stored, as recommended, on a server or in the cloud rather than simply on a personal PC, it should be kept in a logical structure and under understandable names. The reason: access to data can only be approved for certain user groups if the data is stored in a clearly structured way.

Who will support me in my region?