Auditing access management for ISO 27001: the human friendly way
The power of decentral authorisation
Who knows best which team members should have access to what? We believe in decentral autorisation, let a team manager manage the access rights. KeyHub makes it easy for a team manager to request access to a resource and for team managers to approve these requests. You might think that delegating this duty to a team manager has a downside: the team manager is now also in charge of revoking rights. Some team managers might be too busy with the business at hand and might forget to administer a team change when someone leaves the team. This is where the KeyHub periodic audit steps in. At regular intervals the team manager receives a notification to audit the team.
The audit itself is a quite easy, with a click of a button access rights will be revoked. Also the team manager can easily grant access to new team members during the audit. As you can see in the image below, auditing takes very little effort. So team managers can spend their precious time at other things.
Audit dashboard for security officers and audit managers
Delegating to team managers makes user access management really efficient. But what if for some reason a team manager doesn’t do the audit? A security officer or audit manager wants to know if the organisation is in control. That is why KeyHub offers an easy to use auditor dashboard. It shows in one view if there are any team managers that are behind on their auditing duties. This way the audit manager can take the appropriate actions to ensure the organisation is in control.