Formal Permission Reviews – Overview

Users may be given temporary access to some areas of your system to complete one-off jobs, or have their permissions adjusted multiple times as their job roles change. It is therefore good practice to subject all of your users’ permissions to regular formal reviews. These reviews allow you to ensure that each user has the appropriate level of access to complete their job, and help you to confirm that no one has unnecessarily high permissions to any part of your system. They also help you to safeguard the security of your data and to meet the requirements of security-based certifications such as ISO 27001, by allowing you to ensure that you are properly controlling access to each module and to key areas such as module settings and System Administration.

To help you manage permissions more effectively, Activ provides a dedicated Permissions Review feature that allows you to schedule formal permissions reviews for each of your users, and to specify who is responsible for carrying out each review. Activ will then alert the assigned user to the review as its due date approaches (if they have the appropriate notifications enabled; see System Administration Alerts and Reminders), and provide a formal process for completing the current review and scheduling the next. As part of the review process, the reviewer can adjust the user’s permissions and enter notes explaining any changes, and the details are automatically logged within your system to provide you with a record of each review. For convenience, this record is stored in two locations:

  • within a dedicated Permissions Review Log, which will record the date of each review, who completed it, and when the next review was scheduled for; and
  • within the user’s Permissions Change Log, which will record any changes that were made to the user’s permissions as part of the review.

Formal Permission Reviews can be scheduled and completed by anyone who has ‘Admin’ access to the System Administration: Administrator area, and are managed from each user’s Login Permissions tab.