An access review is the process of performing an access review for an area, role, or identity to confirm that the access is still required and valid. To ensure security compliance and audit readiness you can schedule your access reviews to occur automatically.
Traditionally, security personnel manually export list of access and send to area owners to review twice a year, or every quarter.
In Genetec ClearID™ these access reviews can be scheduled (automated) or initiated manually. A site manager or owner is responsible for configuring access review frequency or manually initiating access reviews to ensure that the review process occurs on time.
- Site owners: Access reviews are displayed in the Access reviews report.
- Area approvers or role managers: Area access reviews are displayed in My Tasks and notification emails.
- Supervisors: Identity access reviews are displayed in My Tasks and notification emails.
You cannot schedule a review for a site that has no areas. If a role or group is associated with an area or room, the role or group becomes part of the area review automatically. All Completed reviews are retained for audit and tracking purposes.
Scheduled access reviews
- A site access review for a Server Room area could be scheduled to occur Yearly. For example, at quarterly intervals, on the first day of the month at 08:00.
- A site access review for a Data Center area could be scheduled to occur Monthly. For example, on the first day of every month at 08:00.
Manual access reviews
You can start an access review manually using the Now schedule when required, to ensure security compliance and audit readiness. Typically manual access reviews are used to test reviews in preparation for an annual review or scheduled reviews to check that all participants are properly set, or to force a review after an incident.Access review email notifications
- When the COMPLETE THE REVIEW hyperlink is clicked, the access review detailed in the email notification is displayed and ready for review.
- When an area approver or role manager clicks the See all your access reviews hyperlink, the My access reviews page is displayed. This view only displays access reviews relevant to the approver.
Access review email notification reminders are sent every 7 days. Access review email notifications are sent from noreply@clearid.io. Check your spam or junk folder if email notifications are not received.
The status of incomplete access reviews are automatically updated to the Expired state when the incomplete access review is replaced by a newer scheduled review with the same name or when the Enforce an expiration for access reviews option is active and the expiration period has been exceeded.
All Completed reviews are retained for audit and tracking purposes. No changes can be made to an access review after it has been completed.