ISO 27001 5.18 Access Rights Requirement:
"Access rights to information and other associated assets shall be provisioned, reviewed, modified and removed in accordance with the organization’s topic-specific policy on and rules for access control."[1]
ISO 27001 5.18 Access Rights Requirement Explanation:
To provide and maintain user access to systems and information on a need-to-know basis a formal process should be created to grant user access to resources. This can include a user onboarding form and helpdesk tickets from a user's manager requesting changes to a user's access rights. To ensure that access rights are accurate user security groups should be periodically reviewed and update to reflect access requirements. Access to systems and data must be revoked when a user no longer has a valid business need.
References:
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.