Overview
One of the hallmarks of a good information security program is that we have policies and procedures around Access Control. To sum it up, we want people to have access to the bare minimum amount of data they need to complete their job duties. Best practice says that we need to have a supervisor review each employee’s access permissions once a year to make sure that their access is correct.
The article provides advice for managers on how to complete the Access Review Report.
Instructions
Locate Your Access Review Report
- Go to Google Drive.
- Click Shared with me in the menu on the left.
- In the header of the list, click on Share date and sort with the most recent share at the top.
- Open the file Access Report: Your Name Here. The information for the file will list that it is shared by Jodie Reminder on May 8th.
Note: Access Review Reports are shared with managers. Contact ITS (its@anderson.edu) if you are a manager who has not received your Access Review Report.
Complete the Access Review Report
For each line of the report, review the employee name (A), their group membership/description (B), and check the Remain box (C) for them to keep access or the Remove box (C) for them to lose access to technology resource listed. If you are unsure of the purpose of a particular access group, enter a Comment/Question (D) and ITS staff will provide you with more information. If you are not the manager of an employee on your list, please contact WLE to have Paycom updated to the correct manager and enter "Not manager" in the Comments/Questions column. Once you have finished your review, please enter your name in the yellow signature box (E) to electronically sign this Access Review Report:
Questions? Need Help?
If you have questions or need some help, please let ITS know by submitting a Raven Solutions request.