Access Management Process
Implementation guidance The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text and certain generic terms, see the Completion Instructions document.
Purpose of this document This document sets out the access management process including flowchart, activities, reporting and roles and responsibilities.
Areas of the ITIL® Framework addressed The following areas of the ITIL Framework are addressed by this document: •
Service Operation: Access Management
General guidance The control of access to systems and services is a vital element of effective security and one which is often the source of publicized breaches. It is important to have a clear, defined process for user creation and access rights amendment which is audited on a regular basis. Many organizations also fail to review who has access to which systems (and their level of access) resulting in a form of “access creep” where employees collect access rights as they move from role to role. It is well worth spending a significant amount of time up front to put an accurate, role-based security framework in place and then ensuring that this is placed under strict change management. For some application systems the definition of roles and authorities is a specialized skill which may require external resource to get right.
Review frequency We would recommend that this document is reviewed annually.
Version 1
Page 2 of 36
[Insert date]
