SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Periodic User Access Reviews

With proper design, implementation and maintenance, periodic user access reviews can be an effective tool for service organizations in achieving their security and compliance goals.

When properly implemented, these reviews can make up for a multitude of user access errors. In order to ensure that access is continuously monitored, user access reviews are performed on a periodic basis (monthly, quarterly, annually, etc.). While quarterly reviews align with best practices, and are even mandated by certain compliance standards, more or less frequent reviews may be required, depending on the organization.

Typical user access reviews consist of managers validating that an account belongs to an active employee or that the account is authorized to have access to a given system. However, while these are important characteristics to review, the most effective user access reviews require managers to review each user’s privileges within the in-scope systems. These detailed reviews ensure that unauthorized privileged access to critical systems does not go undetected. And as always, the more documentation and retention, the better.

When it comes to compliance, a review with no evidence of dates or approvals does very little good.