Access Management Process
Implementation Guidance (this section must be removed from final version of the document)
Purpose of this document
This document sets out the access management process, including the flowchart, activities, reporting, and roles and responsibilities.
Areas of the ITIL® Framework addressed
The following areas of the ITIL Framework are addressed by this document: Service Operation – Access Management
General Guidance
The control of access to systems and services is a vital element of effective security and one which is often the source of publicized breaches. It is important to have a clear, defined process for user creation and access rights amendment which is audited on a regular basis. Many organizations also fail to review who has access to which systems (and their level of access), resulting in a form of “access creep” where employees collect access rights as they move from role to role. It is well worth spending a significant amount of time up front to put an accurate, role-based security framework in place and then ensuring that this is placed under strict change management. For some application systems the definition of roles and authorities is a specialized skill which may require external resource to get right.
Review Frequency
We would recommend that this document is reviewed annually.
Toolkit Version Number
ITIL® 2011 Service Operation Process and Policy Pack Version 1 ©CertiKit 2015.
Acknowledgements
ITIL is a registered trade mark of AXELOS Limited.
Version 1