>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IDM-05Regular review of access rights

>Control Description

Access rights of internal and external employees of the Cloud Service Provider as well as of system components that play a role in automated authorisation processes of the Cloud Service Provider are reviewed at least once a year to ensure that they still correspond to the actual area of use. The review is carried out by authorised persons from the Cloud Service Provider's organisational units, who can assess the appropriateness of the assigned access rights based on their knowledge of the task areas of the employees or system components. Identified deviations will be dealt with promptly, but no later than 7 days after their detection, by appropriate modification or withdrawal of the access rights. Additional criteria: Privileged access rights are reviewed at least every six months.

Ask AI

Configure your API key to use AI features.