Access rights reviews, sometimes called entitlement reviews, reduce unwarranted data access by aligning user rights and file permissions with corporate policy. Establishing an access rights review workflow helps organizations build a repeatable process for permissions management, which is required by regulations like PCI DSS and SOX. Organizations should maintain an audit trail of the entitlement review process by recording whether reviewers accept or reject existing access rights, and any permissions management changes that are required.
|In this customer story a telecommunications provider implemented an access rights review process for compliance with SOX regulations. SecureSphere provided data owners with weekly reports of current file permissions, access activity, and permissions changes, which are approved or rejected to complete the entitlement review process.|