Expert Advice Community

A.9.2.5 Review of user access rights

Nika Created:   Jan 12, 2021 Last commented:   Jan 13, 2021

Hello Advisera Team,

A question about this control: A.9.2.5 Review of user access rights.

What we need, and what we have now, is that user access rights are reviewed when there is a change in an employee's status (e.g. department or position is changed).

Is it enough or is periodical review meant here?

Thank you!

Expert
Rhand Leal Jan 13, 2021

Please note that control A.9.2.5 of ISO 27001 Annex A states that review shall be performed at regular intervals.

Considering that, reviewing access rights only when there is a change in employees’ statuses is not enough to be compliant with this control, and you must define a periodicity for review.

This article will provide you with a further explanation about access control:

These materials will also help you regarding access control:
