What would you improve about your user access review process?

2.5k views1 Upvote5 Comments

IT Strategist in Government, 1,001 - 5,000 employees
Having guidelines and tools helping to guide users and decision makers through the process will help with clarity and expedite the whole process.
Secure Facilities Information Technology Manager in Manufacturing, Self-employed
I would be nice to have an automated process that flags users who have not accessed certain applications within certain time periods, especially when it comes to individual seat licenses. 
Director of IT in Healthcare and Biotech, 10,001+ employees
Ensuring access is provided quickly, allowing managers to easily change the role profile and entitlements, and creating tools to help staff do this work without IT involvement. 
1 1 Reply
CIO in Services (non-Government), 201 - 500 employees

And doing ALL of that securely; that's the balance we all have to try to take into account. quickly and easily is great as long as we can secure it.

Director ERP Management in Travel and Hospitality, 1,001 - 5,000 employees
I used to review user access for our ERP system which was subject to annual external audit. Initially semi-annual review cycle was ok, then we moved to quarterly reviews and then monthly. I would classify access levels into at least two groups; Users and Elevated Access (Admins) groups. Admins access reviews would be more frequently and thorough vs. Users. E.g. if report shows an Admin access was updated within review period, the Admin's manager approval for access change must be documented. I would improve the process by adding a change log report to the audit procedures. 

Content you might like

Limited resources16%

Siloed data43%

Lack of leadership19%

Poor data quality & context11%

Lack of data control9%

Other (please explain in the comments)0%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
47.2k views133 Upvotes326 Comments


No, but we expect to be hit in the future.48%

No, and we don't expect to be hit by ransomware in the future.24%


2.2k views1 Upvote2 Comments