Discussions

 View Only

  • 1.  Access Account Recertification Process / Tools?

    Posted 05-04-2023 03:54 PM
    Greetings,
    Does you have a workable account access recertification process in place, across multiple systems? 
    If so, would you please share details on your process and/or tools?
    Complying with a recommendation to, "...perform a complete recertification of access rights for all critical and sensitive systems, networks, and applications" on a regular basis is proving onerous. This would, of course, need to extend beyond Veracross, and include everything from AD and Azure to Magnus and any other service we run or SaaS we subscribe to. 
    Much appreciated,
    Jim


    #ITSystemsandSupport
    #CybersafetyandDataSecurity

    ------------------------------
    ----
    Jim Anderson
    The Packer Collegiate Institute
    Brooklyn NY
    ------------------------------


  • 2.  RE: Access Account Recertification Process / Tools?

    Posted 05-11-2023 07:47 AM

    I maintain a list of databases and employees who have access to them. As employees leave part of the offboarding process is to close down their access to all those systems. It has gotten a little mushy with retired employees continuing as consultants for a year, but I still have a marker on my calendar to cut them off on July 1.
    The other end is as someone is brought on board I set up their access and add them to the list of people who have access to the various programs, or if they change jobs and have access added I add them to my list.
    I guess my annual audit is on July 1 when I cut off the old users.



    ------------------------------
    Hayley Gunther
    Academy of the New Church Secondary Schools
    Bryn Athyn PA
    ------------------------------

    Original Message


Related Content