# Access Review Process

## Scope <a href="#id-2.-scope" id="id-2.-scope"></a>

This Process applies to all Information Asset Owners and all related parties to prevent unauthorized access to Information Assets.

This Process applies throughout the Corporate Group as part of the information security management system framework.

## Process Diagram <a href="#id-3.-process-diagram" id="id-3.-process-diagram"></a>

<figure><img src="/files/Ontbf6SbArAhBnq9X6YD" alt=""><figcaption><p>Access Review Process</p></figcaption></figure>

## Procedures of Process <a href="#id-4.-procedures-of-process" id="id-4.-procedures-of-process"></a>

<table><thead><tr><th width="60">#</th><th>Procedure</th><th>Description</th><th>Result</th><th>Responsible</th><th>Time limits</th></tr></thead><tbody><tr><td>1</td><td>Create Access Review Request Form</td><td>Access Review Request Form is filled-in Ticketing Platform. Information Assets must be and any limitations in scope may be filled-in.</td><td>Filled-in Access Filled-in Access Review Request Form Form</td><td>Requestor</td><td>When needed; Once in a year Information Security Manager; Once in 90 days Information Asset Owner of Information Asset compliance in PCI DSS</td></tr><tr><td>2</td><td>Extract Access List</td><td>Access rights list is generated from Information Asset to convenient format for Information Asset Owner to understand.</td><td>Generated access rights list from Information asset list</td><td>Administrator</td><td>2 workdays after request creation</td></tr><tr><td>3</td><td>Send Access List</td><td>Send generated access rights list to Information Asset Owner.</td><td>Sent access rights list</td><td>Administrator</td><td>2 workdays after request creation</td></tr><tr><td>4</td><td>Review Access List</td><td>Review access rights list looking for excessive rights, retired, re-allocated user, or abnormal access. If needed access modifications, it must be done through Access Provision Process.</td><td>Reviewed access rights list</td><td>Information Asset Owner</td><td>2 workdays after getting access rights list</td></tr></tbody></table>

## Review and Update <a href="#id-5.-review-and-update" id="id-5.-review-and-update"></a>

This Process must be maintained in accordance with the Information Security Policy.

## Revision History <a href="#revision-history" id="revision-history"></a>

<table><thead><tr><th width="111">Version</th><th>Author</th><th>Approved By</th><th>Revision date</th><th>Approval date</th></tr></thead><tbody><tr><td>0.1</td><td>LŠ</td><td>GK</td><td>2023-05-20</td><td>2023-05-23</td></tr><tr><td>0.2</td><td>LŠ</td><td>DM</td><td>2023-11-02</td><td>2023-11-02</td></tr><tr><td>0.3</td><td>GK</td><td>DM</td><td>2024-09-10</td><td>2024-09-10</td></tr><tr><td>0.4</td><td>GK</td><td>DM</td><td>2025-12-11</td><td>2025-12-11</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://isms.ops24.eu/access-control-policy/access-review-process.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.