Staff access what they need. Nothing more.
VPN access controlled at user and group level. Finance staff reach finance systems. Contractors get scoped, time-limited access. No blanket network access for anyone.
Zero blanket network access for any user or role
Auto expiry on all contractor and third-party accounts
Quarterly access reviews as standard
12 months policy change audit trail retention
Access policy capabilities.
Role-Based Access Control
VPN access policies defined per role, not per individual. Finance staff reach finance systems. Operations staff reach operations systems. No blanket access to the entire network for anyone.
Group Policy Inheritance
Access policies applied at group level and inherited by members. When a staff member changes role, moving them to the correct group updates their access instantly across all systems.
Contractor and Third-Party Access
Contractors and third-party suppliers given scoped VPN access limited to the specific systems they need. Access automatically expires at project end. No manual cleanup required.
Time-Limited Session Controls
VPN sessions configured with maximum duration limits. Idle sessions disconnected automatically. Prevents forgotten connections from remaining open indefinitely and creating unnecessary exposure.
Least Privilege Enforcement
Every access policy reviewed against the principle of least privilege. Staff access only what their role requires. Excess permissions identified and removed during initial configuration and quarterly reviews.
Access Policy Audit Trail
All access policy changes logged with timestamp, administrator, and reason. Full audit trail available for compliance reviews. Policy history retained for 12 months as standard.
From access mapping to least privilege enforcement.
Access Requirements Mapping
We map which systems and data each role in your organisation needs to access remotely. Existing access compared against actual job requirements. Excess permissions identified.
Group Structure Design
Access groups designed to reflect your organisational structure. Policies defined per group. Contractor and third-party access tiers created with appropriate restrictions and expiry rules.
Policy Configuration
Access policies configured in your VPN platform. Group memberships set. Time limits and idle session rules applied. Contractor access tiers tested with scoped accounts before go-live.
User Migration and Testing
Existing users migrated to the new group structure. Each role tested to confirm access to required systems and denial of access to out-of-scope systems. Issues resolved before full rollout.
Administrator Training
Your IT team trained on managing group memberships, creating contractor accounts, and reviewing access logs. Runbooks provided for common tasks including new starters and leavers.
Quarterly Access Reviews
Scheduled quarterly reviews of all access policies. Dormant accounts identified and removed. Role changes reflected in group memberships. Contractor access confirmed as expired or extended.
Access policies in practice across the UK.
Challenge: A Sheffield manufacturer had all remote staff connecting to the same VPN with full network access. An IT contractor had the same access as the finance director. No access controls were in place.
Outcome: Role-based access policies configured across six groups. Contractor access scoped to specific systems only. Finance systems isolated from operations staff. Cyber Essentials audit passed.
Challenge: A Bristol law firm needed to give a third-party IT supplier temporary access to their systems for a migration project without exposing client data or other practice management systems.
Outcome: Scoped contractor VPN access configured with 30-day expiry. Supplier access limited to migration target systems only. Access automatically expired at project end. Full audit log retained.
Challenge: A Leeds retail group had high staff turnover and no reliable process for removing VPN access when staff left. Former employees retained active VPN credentials for months after leaving.
Outcome: Access policies integrated with HR system. Leaver process updated to include VPN account suspension on day one. Quarterly access reviews introduced. No dormant accounts found at first review.
Find out who has access to what on your network.
Our free access policy review maps your current VPN permissions, identifies excess access, and shows you how to apply least privilege controls without disrupting your team.