Search
Updated on January 25, 2024

AUTH-8 Requesting and Approving access

Estimated reading: 2 minutes 1667 views

What is AUTH-8 Requesting and Approving Access Control?

Requesting and approving access, or access request management, is the process of receiving, evaluating, and either approving or denying user requests to interact with organizational resources. Controlling the request and approval of access to critical systems can help reduce risk and improve efficiency. Managing access requests is best practice and mandatory.

It is best practice for this access request to have a legitimate reason (new hire, new role, job duties, new project, etc.) and to be approved by a legitimate employee (ideally a manager, the administrator of the system, or the program being requested).

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t personally used them.

Managing Access Authorization Tools
Integrify
Centrify

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A: no template recommendation

Control implementation

To implement this control,

  1. Implement a formal and repeatable process to initiate access requests for new hires, including contractors, and for current employees.
  2. Ensure the process includes an approval flow and approval is captured.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Provide an example of a completed access request ticket, checklist, or form that shows the initiation request.
  2. Provide an example of a completed access request ticket, checklist, or form that shows the approval.

Evidence example

For the suggested action, an example is provided below:

  1. Provide an example of a completed access request ticket, checklist, or form that shows the initiation request.
    The following screenshot shows an access request ticket and its approval.
    AUTH 8 Requesting and Approving access 01

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR