Access review workflow

Add a new access review in Hyperproof. See Adding an access review.

Link any controls satisfied by the access review to the access review. See Linking and unlinking objects for an access review.

Link any labels where you want to add proof generated by the access review. See Linking and unlinking objects for an access review.

Manually create and assign tasks for work related to the access review, such as gathering application user lists or providing screenshots to be used as additional proof. See Access review tasks and Adding a task to an access review.

Add a directory of people in your organization. The data in the directory is collated with the data in the user access lists to provide you with additional user information. You can add a directory of people by importing their data using a CSV file or a Hypersync. See Adding a directory.

Add a user access list for each application that is being reviewed. You can add user lists by importing the list using a CSV file or a Hypersync. See Adding an application user list.

Update reviewer, and sysadmin assignments. User access lists are assigned a default reviewer and sysadmin when they are created. If the directory of people contains the names and emails of direct managers, you can assign those managers as reviewers. If necessary, you can bulk assign an alternate reviewer and sysadmin to each user record. See Using direct managers as reviewers for user access and Bulk editing reviewers and sysadmins for an application user list.

Start your access review by updating the status to In progress on the Details tab or clicking the Launch review button on the Review tab.

At this point, Hyperproof begins calculating the percentage complete for your access review based on the total number of user access records that need to be reviewed. See Conducting an access review.

When the access review status is set to In Progress, Hyperproof creates review tasks for each reviewer. See Access review tasks.

Hyperproof sends assigned reviewers email notifications telling them that the access review has started with task links for their review tasks. See Access review email notifications and reminders.

Reviewers assess the user accounts assigned to them and mark whether the access should be maintained or changed. There may be multiple reviewers for an access review each with a different set of user accounts assigned to them. See Conducting an access review and Reviewing user access.

The day after the access review Application review due date, Hyperproof creates update tasks for each sysadmin. See Access review tasks.

Hyperproof sends notifications to assigned sysadmins telling them to start doing system updates with task links for their update and attestation tasks. See Access review email notifications and reminders.

Assigned sysadmins update user access in the source applications based on the information provided by the reviewers. There may be multiple sysadmins for an access review each with a different set of user accounts assigned to them. The System Administrator often does this for each application being reviewed.

Assigned sysadmins attest in Hyperproof that the changes to user access have been made or the changes requested were overridden for each user record with an access change request. See Attesting to user access updates.

Check the status of the user reviews by opening them on the Review tab. See Review tab for an access review.

After reviewing all user accounts, set the access review status to Complete. See Completing an access review.

Generate proof that the access review has been completed and automatically attach it to the access review. See Generating proof for an access review.

Manually attach any additional proof required. See Adding or removing proof for an access review.