Hi All,
I'm drafting the Access Control Policy in Conformio.
At chapter "4. Managing records kept on the basis of this document" it asks for the management of 2 types of Records.
one is quite clear, it demands the management of an Access Control Review register.
The second one instead is not totally clear to me, what I don't fully understand is if we need to keep a register for only tracking the privileges (access rights granted to roles or users that usually wouldn't have them) or if we need to track every single access given to all the employees on all the used applications.
Can someone suggest what should be tracked?
Thanks in advance
Best Regards
Igor
Assign topic to the user
Comment as guest or Sign in
Dec 10, 2024