Question PPPR-14
Do you have process and procedure(s) documented, and currently followed, that require a review and update of the access list(s) for privileged accounts?
Weight | 15 |
High Risk | No |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe plans to implement privileged account access list reviews to your environment.
Answering "YES"
Provide a brief summary and the implement review interval.
Reason for Question
Protecting privileged accounts is crucial to maintaining system integrity in any environment. This question is targeting privilege creep and unmanaged privileged acccounts to determine if the vendor properly manages access control in their application/system environments.
Follow-Up Inquiries
Ask the vendor to summarize their implemented policies and/or procedures.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]