DSS05.04 Manage User Identity and Logical Access (2 of 4)

User access rights to systems and data must be in line with defined and documented business needs and job requirements.

Illustrative Controls and the TIBCO LogLogic Solution

Accurately managing user access rights addresses the issues of unintended or malicious modifications of financial data. Deficiencies in this area might allow unauthorized modifications that could lead to errors in financial reporting.

To satisfy this control objective, administrators must periodically review user access to files and programs to ensure the users have not accessed items outside of their role. Administrators must select a sample of users who have logged in to financial reporting servers and review their access for appropriateness based upon their job functions.

Monitor and verify that all users have access to programs and data. Review this access to ensure there is segregation of duties and all access privileges are properly assigned and approved.

Reports and Filter Bloks

Use the following link or reference to see the DSS05.04 manage user identity and logical access (2 of 4) control report and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.