Hello Advisera Team,
a question to this control: A.9.2.5 Review of user access rights.
What we need and what we have now there is that user access rights are reviewed when there is a change in employees status (e.g. department or position is changed).
Is it enough or is periodical review meint here?