Access control encompasses the policies, procedures and technologies that regulate who can access specific resources within an organisation. It operates on principles such as least privilege and need-to-know, ensuring that individuals have only the minimum level of access required to perform their duties.
Effective access control is a cornerstone of any information security management system (ISMS) and is explicitly addressed in ISO 27001 Annex A. Organisations typically combine physical controls (badge readers, biometric scanners) with logical controls (role-based access, multi-factor authentication) to create a layered defence against unauthorised access.