Back to T5.2.4 - P1- REVIEW OF USER ACCESS RIGHTS
The review of access rights should consider the following guidelines:
A. Users’ access rights should be reviewed at regular intervals and after any changes, such as promotion, demotion or termination of employment
B. User access rights should be reviewed and re-allocated when moving from one employment to another within the same entity
C. Authorizations for special privileged access rights should be reviewed at more
frequent intervals
D. Privilege allocations should be checked at regular intervals to ensure that unauthorized privileges have not been obtained
E. Changes to privileged accounts should be logged for periodic review
