This article explains how a supervisor reviews and confirms their direct reports have the right access for the applications and systems included in the campaign. Access reviews are critical to maintain application security and are mandated by many regulations such as HIPAA and SOX.
For information on application access reviews, see Complete an Application Access Review.
Managers receive an email sent on behalf of their organization’s security or compliance team once the access review campaign begins with information including the due date and a link to their access review tasks.
Click Go To Task in the access review notification email, enter your work email address, and click Sign In. Use your organization’s single sign-on tool to authenticate into the application.
On the Tasks page, click on a campaign for which you have incomplete review tasks.
For each permission, select Maintain or Revoke to indicate whether it should be retained or removed. If applicable, add a comment to the review task or reassign the review task to another appropriate reviewer.
Once all permissions have been marked to be maintained or revoked, check the box to certify that you have completed the access review and click Submit.
If you have multiple reviews to complete, go to Tasks, select another task, and repeat the steps listed above until all review tasks are complete.
Zilla maintains the entire record of your review.