Our Access Recert Process
Each 6-8 Week Cycle
Our Access Recert process takes place over a period of 6-8 weeks. This includes obtaining the necessary data, preparing it, reviewing the access, and sharing that back with you.
It tends to be repeated on a quarterly basis to support timely, ongoing risk mitigation.
Here follows a brief description of each stage in the process. For more information, please get in contact with us so that we can talk you through it in more detail.
Prepare Data
We take the information, that is obtained from various sources, and pull it together to make it readable for both our Access Recert Tool and consequently the managers reviewing it.
Receive Access Information
Each recertification cycle begins when the required data is received. Please see Client Pre-requisites for a complete list of information.
Send Reviews
With the data prepared, we now send access review files to line managers to recertify. Managers receive the information in a user-friendly format that ensures completing the review is a simple undertaking.
Identify Orphan & Leaver Accounts
Once the data is prepared, we can identify both leaver and orphan accounts. Using leaver lists and/or HR data we identify accounts of those users who have left. These will be sent to you for revocation. Any accounts that we are unable to identify will be labelled as orphans.
Share Recertification Output
Once the cycle is complete we will share the output, allowing you to revoke any access that is no longer required.
Chase Nil Responses
Although the majority of responses are received within the first week, additional follow-up is required for a more complete recertification cycle. In our process, that includes sending an additional email to the line manager before escalating to their manager for a response.
Client Prerequisites
Provide The Following
- Access control lists (ACLs)
- Entitlements descriptions
- Application descriptions
- HR data
- Leavers lists
- Line manager substitutions
Communication
Agree communications for the recertification cycle (e-mails to line managers etc.)
Communicate the activity – only relevant for the first few cycles.
Support
Provide support – escalation for difficult cases, share local knowledge.
Input to regular discussions on recertification progress.