What would you improve about your user access review process?
Sort by:
Director of IT in Healthcare and Biotech3 years ago
Ensuring access is provided quickly, allowing managers to easily change the role profile and entitlements, and creating tools to help staff do this work without IT involvement.
no title3 years ago
And doing ALL of that securely; that's the balance we all have to try to take into account. quickly and easily is great as long as we can secure it.
Secure Facilities Information Technology Manager in Manufacturing3 years ago
I would be nice to have an automated process that flags users who have not accessed certain applications within certain time periods, especially when it comes to individual seat licenses.
IT Strategist in Government3 years ago
Having guidelines and tools helping to guide users and decision makers through the process will help with clarity and expedite the whole process.
I used to review user access for our ERP system which was subject to annual external audit. Initially semi-annual review cycle was ok, then we moved to quarterly reviews and then monthly. I would classify access levels into at least two groups; Users and Elevated Access (Admins) groups. Admins access reviews would be more frequently and thorough vs. Users. E.g. if report shows an Admin access was updated within review period, the Admin's manager approval for access change must be documented. I would improve the process by adding a change log report to the audit procedures.