Access Review Process

Establish the access review process to compensate for possible weaknesses in the user registration, de-registration, and access provisioning processes.

Scope

This Process applies to all Information Asset Owners and all related parties to prevent unauthorized access to Information Assets.

This Process applies throughout the Corporate Group as part of the information security management system framework.

Process Diagram

[Diagram: Access Review Process]

Procedures of Process

| # | Procedure | Description | Result | Responsible | Time limits |
|---|---|---|---|---|---|
| 1 | Create Access Review Request Form | The Access Review Request Form is filled in on the Ticketing Platform. Information Assets must be filled in, and any limitations in scope may be filled in. | Filled-in Access Review Request Form | Requestor | When needed; once a year (Information Security Manager); once every 90 days (Information Asset Owner of an Information Asset under PCI DSS compliance) |
| 2 | Extract Access List | The access rights list is generated from the Information Asset in a format that is convenient for the Information Asset Owner to understand. | Generated access rights list from Information Asset list | Administrator | 2 workdays after request creation |
| 3 | Send Access List | Send the generated access rights list to the Information Asset Owner. | Sent access rights list | Administrator | 2 workdays after request creation |
| 4 | Review Access List | Review the access rights list, looking for excessive rights, retired or re-allocated users, or abnormal access. If access modifications are needed, they must be made through the Access Provision Process. | Reviewed access rights list | Information Asset Owner | 2 workdays after getting access rights list |

Review and Update

This Process must be maintained in accordance with the Information Security Policy.

Revision History

Version
Author
Approved By
Revision date
Approval date

0.1

GK

2023-05-20

2023-05-23

0.2

DM

2023-11-02

2023-11-02

0.3

GK

DM

2024-09-10

2024-09-10
