DSS05.04 Manage User Identity and Logical Access (3 of 4)
User access rights are requested by user management, approved by the system owner and implemented by the security-responsible person. User identities and access rights are maintained in a central repository.
Illustrative Controls and the TIBCO LogLogic Solution
Ensure that user access rights are properly requested, approved, and implemented. A control process must exist and be followed to periodically review and confirm access rights.
To satisfy this control objective, administrators must periodically review all privileged user access to servers and applications that are related to the financial reporting process. Administrators must also ensure that new users, or users assigned to new groups, have the appropriate level of access. Administrators can select a sample of recently created users and recently modified permissions, then determine whether management approved the access and whether the access granted agrees with the access privileges that were approved.
Monitor and verify that all users have access to programs and data. Review access levels to ensure there is segregation of duties and all access privileges are properly assigned and approved.
Reports and Filter Bloks
Use the following link or reference to see the control reports and filter bloks for DSS05.04 Manage User Identity and Logical Access (3 of 4): TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.