DS5.3 Identity Management (3 of 4)

User access rights are requested by user management, approved by the system owner and implemented by the security-responsible person. User identities and access rights are maintained in a central repository.

Illustrative Controls and the TIBCO LogLogic Solution

Ensure that user access rights are properly requested, approved, and implemented. A control process must exist and be followed to periodically review and confirm access rights.

To satisfy this control objective, administrators must periodically review all privileged user access to servers and applications that are related to the financial reporting process. Administrators must also ensure that new users, or users assigned to new groups, have the appropriate level of access. Administrators can select a sample of recently created users and recently modified permissions and determine whether management approved their access and whether the access granted agrees with the access privileges that were approved.

Monitor and verify all user access to programs and data. Review access levels to ensure that there is segregation of duties and that all access privileges are properly assigned and approved.

Reports and Alerts

Use the following link/reference to see the DS5.3 reports and alerts: DS5.3 (3/4).