When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to document access requests, approvals, provisioned rights, reviews, modifications, and removals.
Register
| User | Identity/User ID | Asset/system/location | Access requested | Business need | Approver/owner | Provisioned by | Date provisioned | Review date | Status/removal evidence |
|---|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Review checklist
- Access matches current role.
- Business need remains valid.
- Asset owner or authorized approver confirmed access.
- Privileged access remains justified.
- Mover access from old roles is removed.
- Leaver access is disabled or removed.
- Shared credentials are changed where membership changes.
- Physical access, subscriptions, and group memberships are included where relevant.
Related notes
- Template
- Iso27001
- A5 18
- Access rights
Note Metadata
Aliases: Access Rights Register
Source: 90 Templates/Access Rights Request and Review Register.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.