Like many other public bodies, we are now mandated to comply with the requirements of Cyber Essentials: https://www.gov.uk/government/publications/cyber-essentials-scheme-overview
In addition, we are preparing for the introduction of the General Data Protection Regulations.
Given that Service Manager may contain sensitive information, we are looking at ways of making access more secure. Currently log-in security is limited to AD authentication. Would it be possible to limit access even further by only allowing access by set IP address with any other access requiring 2 factor authentication?