The Tech stack is a list of all the technology that MUI currently uses to support the business. The Tech stack lists systems/applications/tools/data used by all departments and details the business purpose/description, the owners, the provisioners, the teams that access the tool, and other details.
This is true
if 2FA can be enforced. Set it to false
if we are able to configure 2FA but we can’t enforce it at the organization level.
People in charge of granting and removing team members’ access to a tool.
A minimum of two provisioners/deprovisioners should be named for every tool because of the bus factor.
Also, see ‣
Red. Restricted and must remain confidential. This is MUI’s most sensitive data and access to it should be considered privileged and must be explicitly approved. Exposure of this data to unauthorized parties could cause extreme loss to MUI and/or its customers. In the gravest scenario, exposure to this data could trigger or cause a business extinction event.
Examples include:
Orange. Data is subject to laws and regulations that should not be made generally available. Unauthorized access or disclosure could cause significant or financial material loss, risk of harm to MUI if exposed to unauthorized parties, break contractual obligations, and/or adversely impact MUI, its partners, employees, contractors, and customers.
Examples:
Yellow. Data and information that should not be made publicly available that is created and used in the normal course of business. Unauthorized access or disclosure could cause minimal risk or harm and/or adversely impact MUI, its partners, employees, contractors, and customers.
Examples:
Green. Data that is publicly shareable and does not expose MUI or its customers to any harm or material impact. Examples: