When a company creates a Security Matrix, there are multiple
factors to consider when deciding on access and level of permission for files. It
is important to consider who has “need to know” privileges within the company
to minimize the risk to each department and ultimately the company. The matrix
that I created is divided by department, each into its own category. There are
a total of six in the Security Matrix for the Akron, Ohio location.
Employee Benefits Files
These folders will contain the employee benefits files
required by the human resources department. These files need to be properly
controlled since they are likely to contain Personally Identifiable Information (PII)
of the employees. The human resources department will have full control with the
read, write and execute permissions needed to properly manage the employee benefits.
All related department files and folders will be contained here.
The accounting department and personnel will have full control with the
required read, write and execute permissions to properly manage and control
these accounting documents and files.
Warehouse Inventory Files
All related department documents and files will be stored in the
warehouse inventory folder and related subfolders. The warehouse managers and
supervisors will be required to have full control with the read, write
and execute permissions needed to properly manage the inventory files.
Warehouse Shift Files
All related documents and files of the warehouse shifts will be
kept properly in the “Warehouse Shift Files” folder and subfolders. The
permissions of full control including read, write and execute permissions will
be reserved for the managers and supervisors. There will be additional
departments that have read access to the warehouse shift files such as
Administrative, Accounting and Human Resources. It could be helpful to know who
is currently working and who will be coming in on the next shift for planning
purposes within some other departments.
These administration files will be available to everyone in the
company, allowing access to administrative files that may be required for their
departments. Their access will have limits, such as on the ability to modify a file; however,
they should still be able to take the file, make the changes and save it as a
file with a new name, allowing them to update files and store them
in their own folders while not having permission to overwrite the administration
files. Full control with read, write, modify and execute will be reserved for
the administration department. Read, write and read/execute will be given to
the other departments in the company.
These maintenance files will be stored in the janitorial section.
Each department has read and write permissions, which will allow any department
to publish a maintenance request, reducing the need
for individuals in the maintenance department to take phone calls and
write the work request. They will only need to provide someone to ensure that
the maintenance request is valid.
It is important to ensure that each department has the permissions it
requires, but not so many that it could disrupt other departments’ files.
Each of these can be changed in the security matrix at any time as required by the company’s
department managers, provided there is a proper request and requirement. It is
important to streamline the process to ensure the productivity of
the company without the hindrance of departments having the ability to
make changes to other departments’ files. The security matrix can have exceptions if
required, such as allowing certain individuals access to files and folders on a permanent
or temporary basis, and the IT administration will have the ability to assist in
this matter. All requests for additional personnel to gain access to files and
folders of other departments will require the department manager’s approval
in writing or via email, which will be stored locally in a binder.