What are Access Reviews?
To put it simply: Access Reviews make sure the right people have the right access level to applications.
Background
Companies have to meet the requirements of regulatory standards and compliance frameworks like GDPR, ISO 27001, PCI DSS and HIPAA. Regulations may require periodic access reviews to assess who has access, to which systems, and at what level. At Squarum, we approached the problem by talking to our customers and walking through their current processes and tools together. We talked about the key challenges, identified the goods, the bads and the uglies of the current approaches to User Access Reviews, and came up with a functional, efficient and easy-to-use formula. Our Access Reviews are easy to use, with a simple but powerful user interface for both administrators and reviewers.
The simple steps of an Access Review
- Start by registering at Squarum if you haven’t done so already.
- Choose the app to be reviewed and add the users.
- Create a new review for the selected app, configure the app owner and ensure the app owner sets up the Access Review successfully (users and reviewers).
- Activate the Access Review. The Reviewers get an email with a link to the Squarum Reviewer Portal. The Squarum Reviewer Portal is used to review and approve or revoke the access.
- Reviewers log in to the Portal using Microsoft SSO or a one-time password. When a Reviewer has finished reviewing all users assigned to them, the Reviewer separately confirms that the review is ready.
- When all Reviewers have completed their user reviews, the Access Review is automatically set to ‘Finished’.
- When the Access Review is in the ‘Finished’ state, the admin can take the actions required to complete the Access Review.
- When the Access Review is completed, a PDF file is generated automatically and attached to the Access Review page.