Access Reviews are routine assessments to ensure employees have the appropriate access to applications based on their job requirements. Typically conducted by line managers or business owners, these reviews aim to:
Confirm or adjust existing access roles/permissions.
Downgrade permissions if needed.
Revoke access if no longer required.
Access Reviews enhance security and compliance, ensuring access aligns with organizational policies.
Access Reviews are essential for maintaining security and compliance. Regular reviews ensure that employees only have the access necessary for their roles, supporting certifications like SOC-2, ISO 27001, and HIPAA.
Create a new Access Review, selecting the applications in scope.
Assign reviewers:
Managers for direct reports.
Business Owners for users within specific applications.
You can run multiple campaigns simultaneously. To start a campaign, click the play icon. Review campaign results by selecting the campaign title. Once completed, download results as a CSV under the “Historic Access Review Campaigns” tab.
Vanta users can set up an integration with Vanta to automatically sync completed Access Reviews with their Vanta account.
Will the changes also go through an approval process?
By default, reviewer-made changes bypass normal approvals. If your application uses manual provisioning, the Application Admin can still review and approve or deny changes before they take effect. If it’s automated provisioning, those changes are applied immediately. To prevent managers from granting critical roles, make the business owner the reviewer.