What would you improve about your user access review process?

Identity & Access Management (IAM)Governance, Risk & Compliance
2.5k views1 Upvote5 Comments
IT Strategist in Government, 1,001 - 5,000 employees
Having guidelines and tools helping to guide users and decision makers through the process will help with clarity and expedite the whole process.
Secure Facilities Information Technology Manager in Manufacturing, Self-employed
I would be nice to have an automated process that flags users who have not accessed certain applications within certain time periods, especially when it comes to individual seat licenses. 
2
Director of IT in Healthcare and Biotech, 10,001+ employees
Ensuring access is provided quickly, allowing managers to easily change the role profile and entitlements, and creating tools to help staff do this work without IT involvement. 
1 1 Reply
CIO in Services (non-Government), 201 - 500 employees

And doing ALL of that securely; that's the balance we all have to try to take into account. quickly and easily is great as long as we can secure it.

Director ERP Management in Travel and Hospitality, 1,001 - 5,000 employees
I used to review user access for our ERP system which was subject to annual external audit. Initially semi-annual review cycle was ok, then we moved to quarterly reviews and then monthly. I would classify access levels into at least two groups; Users and Elevated Access (Admins) groups. Admins access reviews would be more frequently and thorough vs. Users. E.g. if report shows an Admin access was updated within review period, the Admin's manager approval for access change must be documented. I would improve the process by adding a change log report to the audit procedures. 

Content you might like

What is the top data governance issue?

Data GovernanceGovernance, Risk & ComplianceSecurity Frameworks (NIST, CIS, CSF)

Limited resources16%

Siloed data43%

Lack of leadership19%

Poor data quality & context11%

Lack of data control9%

Other (please explain in the comments)0%


433 PARTICIPANTS
1.1k views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
47.2k views133 Upvotes326 Comments

Does anyone have any guidance, tips, and/or templates to share to help establish Identity Access Management governance as a part of an overarching Identity Governance and Administration program?

Process ManagementIdentity & Access Management (IAM)
2.2k views2 Upvotes1 Comment

What are your thoughts on SaaS management platforms (SMP)?

People & LeadershipStrategy & ArchitectureCloud+87 more
2.8k views5 Upvotes

Has your organization been hit by ransomware in the last 6 months?

Governance, Risk & ComplianceSecurity & GRCRisk Management+4 more

Yes28%

No, but we expect to be hit in the future.48%

No, and we don't expect to be hit by ransomware in the future.24%


242 PARTICIPANTS
2.2k views1 Upvote2 Comments