UnixTime

Research Note

Access Review Checklist

Use this for periodic reviews of logical or physical access to systems, repositories, applications, networks, cloud platforms, and sensitive locations.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this for periodic reviews of logical or physical access to systems, repositories, applications, networks, cloud platforms, and sensitive locations.

Review record

System/asset Reviewer Review date Scope Exceptions found Removals/corrections Completion evidence
TBD TBD TBD TBD TBD TBD TBD

Checklist

  • User still has a business need.
  • Access level matches current role.
  • Access aligns with classification and handling requirements.
  • Privileged access is justified.
  • Shared/group access is appropriate.
  • Leavers are removed.
  • Movers have old access removed.
  • Contractors and third-party users still require access.
  • Exceptions are documented and approved.
  • Required removals are completed and evidenced.