What is an Access Review?

Access Reviews are routine assessments to ensure employees have the appropriate access to applications based on their job requirements. Typically conducted by line managers or business owners, these reviews aim to:

  • Confirm or adjust existing access roles/permissions.
  • Downgrade permissions if needed.
  • Revoke access if no longer required.

Access Reviews are essential for maintaining security and compliance. Regular reviews ensure that employees only have the access necessary for their roles and that access aligns with organizational policies, supporting certifications like SOC 2, ISO 27001, and HIPAA.

Setting Up an Access Review Campaign

  1. Navigate to Access Reviews.
  2. Create a new Access Review, selecting the applications in scope.
  3. Assign reviewers:
    • Managers for direct reports.
    • Business Owners for users within specific applications.

You can run multiple campaigns simultaneously. To start a campaign, click the play icon. Review campaign results by selecting the campaign title. Once completed, download results as a CSV under the “Historic Access Review Campaigns” tab.

Vanta users can set up an integration to automatically sync completed Access Reviews with their Vanta account.

Performing an Access Review

As a manager, you’ll review access for your direct reports. You’ll receive a Slack notification with an estimated review time.

  1. Click the provided link in your notification.
  2. For each user, decide:
    • Should they retain access to the application?
    • Is their current permission level appropriate, or can it be reduced?
  3. Submit the review for each application by clicking Submit.

Access changes are automatically applied.
