Policy Requirements
Permissions policy requirements are as follows:
-
Confirm permissions applicability
Not all proposed solutions may be permissions related. The permissions standard has identified a set of criteria questions to assist entities in determining applicability of permissions guidance.
-
Comply with legislation and regulation
An entity must comply with any legislation relevant to its circumstances.
-
Identify permissions related roles
Permission business processes can be depicted through relevant use cases and the identification of key roles.
-
Identify permissions decision type
Permissions decisions are typically in response to either an immediate or known future need. Identifying the decision type assists in shaping design of business and technology systems underpinning operations.
-
Align operational and technological needs
Entities should analyse and assess their specific needs, and develop a comprehensive set of technology, business, service, and compliance requirements.
-
Apply a risk-based approach to permissions
The assessment and management of risks associated with the handling of permissions should inform design and investment decisions.
-
Lower development and maintenance complexity of permissions solutions
Adopt supplier guidance and industry best practice during the solution design and development phases of the solution implementation.
-
Ensure the ongoing viability of permissions solutions
Entities should ensure continual improvement of processes, and features, data, security, technology, skills, and cost should remain a focus to maximise functionality, reduce risk, and minimise accumulation of technical debt.
-
Adhere to reuse principles
Entities should give priority to the adoption of reuseable digital and ICT solutions, patterns, or knowledge, and, where necessary, design new solutions with a focus on future reuse.