Redgate Test Data Manager

Improve your release quality and reduce your risk, with the flexibility to fit your workflow

Redgate Flyway

Automate database deployments across teams and technologies

Redgate Monitor

Understand server performance in an instant with fast deep-dive analysis

See all our products

Overview

Redgate’s end-to-end Database DevOps solutions

Protect

Reliable test data management, automating repetition out of the process

Automate

Automate and accelerate your database change management workflow

Monitor

Monitor your cross-database, multi-platform estate to ensure optimal performance

Access Control Policy

Introduction

This Access Control Policy explains the implementation and management of access control to protect the confidentiality, integrity, and availability of Redgate’s information assets.

Scope

This Policy applies to all Redgaters, contractors, suppliers, and third-party entities that have access to Redgate’s information systems and data.

Policy

Access Control

Access to systems is managed by the IT Operations team or Business System Owners, with requests for access to Restricted information requiring approval by the information owner. Elevated privileged access to critical systems requires approval by first line management and above and the Security Team.

Access to critical systems shall be audited annually.

Termination of employment

Upon notification (by the People Team) of an employee termination or departure, all access to our critical systems must be revoked within 24 hours. Access to non-critical systems will be revoked within a week.

All activities shall be confirmed against the support ticket for audit purposes.

Internal transfers/change of role

For Redgate staff transfers between departments, current employee access that is no longer required will be revoked. Appropriate access will be provisioned by the IT Operations Team based on the new role and at the request of the new Line Manager.

Identity Management

Unless there is a clear, documented business case for not doing so:

  • Access to Restricted information and/or critical systems must be from a Redgate account (or suitable security controls must be in place)
  • All user credentials must be traceable to individual employees
  • Shared access may be appropriate in some circumstances, but these credentials should be phased out wherever possible
  • Shared account information must be kept in shared credential storage, such as approved team password vaults

Authentication Information

Logical access shall require unique username/password combinations (where passwords meet our Password Policy requirements) or SSH keys (where appropriate). Multi Factor Authentication (MFA, 2FA) should be used where available.

Monthly newsletter

Join over 150,000 data professionals

Get the latest best practices, insight, and product news from our industry experts

Get the newsletter