Skip to main content

Access review workflow

Access reviews can be time-consuming and involve collating user data from many sources. Follow the access review process outlined here to conduct an access review using Hyperproof. Depending on your role and associated permissions, you may not be able to access all of the functionality shown here. See Access review roles and permissions for more information.

ar-workflow-diagram.png

  1. Add a new access review in Hyperproof. See Adding an access review.

  2. Link any controls satisfied by the access review to the access review. See Linking and unlinking controls for an access review.

  3. Add a directory of people in your organization. The data in the directory is collated with the data in the user access lists to provide you with additional user information. You can add a directory of people by importing their data using a CSV file or a Hypersync. See Adding a directory.

  4. Add a user access list for each application that is being reviewed. You can add user lists by importing the list using a CSV file or a Hypersync. See Adding an application user list.

  5. Update reviewer, and sysadmin assignments. User access lists are assigned a default reviewer and sysadmin when they are created. If necessary, you can bulk assign an alternate reviewer and sysadmin to each user record. See Bulk editing reviewers and sysadmins for an application user list.

  6. Start your access review by updating the status to In progress on the Details tab or clicking the Launch review button on the Review tab. At this point, Hyperproof begins calculating the percentage complete for your access review based on the total number of user access records that need to be reviewed. See Conducting an access review.

  7. Assigned reviewers assess the user accounts assigned to them and mark whether the access should be maintained or changed. There may be multiple reviewers each with a different set of user accounts assigned to them. See Conducting an access review and Reviewing user access.

  8. Assigned sysadmins update user access in the source applications based on the information provided by the reviewers. There may be multiple sysadmins each with a different set of user accounts assigned to them. The System Administrator often does this for each application being reviewed.

  9. Assigned sysadmins attest in Hyperproof that the changes to user access have been made or the changes requested were overridden for each user record with an access change request. See Attesting to user access updates.

  10. After reviewing all user accounts, set the access review status to Complete. See Completing an access review.

  11. Generate proof that the access review has been completed and automatically attach it to the access review. See Generating proof for an access review.

  12. Manually attach any additional proof required. See Adding or removing proof for an access review.

In this section: