search

Access Review Process

Establish the access review process to compensate for possible weakness in the user registration, de-registration, and access provisioning processes.

hashtag
Scope

This Process applies to all Information Asset Owners and all related parties to prevent unauthorized access to Information Assets.

This Process applies throughout the Corporate Group as part of the information security management system framework.

hashtag
Process Diagram

Access Review Process

hashtag
Procedures of Process

#
Procedure
Description
Result
Responsible
Time limits

1

Create Access Review Request Form

Access Review Request Form is filled-in Ticketing Platform. Information Assets must be and any limitations in scope may be filled-in.

Filled-in Access Filled-in Access Review Request Form Form

Requestor

When needed; Once in a year Information Security Manager; Once in 90 days Information Asset Owner of Information Asset compliance in PCI DSS

2

Extract Access List

Access rights list is generated from Information Asset to convenient format for Information Asset Owner to understand.

Generated access rights list from Information asset list

Administrator

2 workdays after request creation

3

Send Access List

Send generated access rights list to Information Asset Owner.

Sent access rights list

Administrator

2 workdays after request creation

4

Review Access List

Review access rights list looking for excessive rights, retired, re-allocated user, or abnormal access. If needed access modifications, it must be done through Access Provision Process.

Reviewed access rights list

Information Asset Owner

2 workdays after getting access rights list

hashtag
Review and Update

This Process must be maintained in accordance with the Information Security Policy.

hashtag
Revision History

Version
Author
Approved By
Revision date
Approval date

0.1

GK

2023-05-20

2023-05-23

0.2

DM

2023-11-02

2023-11-02

0.3

GK

DM

2024-09-10

2024-09-10

0.4

GK

DM

2025-12-11

2025-12-11

PreviousAccess Provisioning ProcessNextOnboarding and Offboarding Process

Last updated