When to use this
Use this record when temporary elevated access, remote support control, third-party troubleshooting, or dynamic privilege is granted to access information or functions.
Related controls
- A.8.3 Information Access Restriction
- A.8.2 Privileged Access Rights
- A.5.18 Access Rights
- Privileged Activity Log Review Checklist
Session record
| Field | Value |
|---|---|
| Request ID | TBD |
| System/application | TBD |
| Requester | TBD |
| Person receiving temporary access | TBD |
| Business reason | TBD |
| Approved by | TBD |
| Start time | TBD |
| End time | TBD |
| Access granted | TBD |
| User witnessed session? | Yes/No/NA |
| Logging enabled and retained? | Yes/No |
| Actions performed | TBD |
| Access removed/ended by | TBD |
| Post-session review completed by | TBD |
Minimum checks
- Access was explicitly approved before use.
- Scope and duration were defined.
- The authorized user could see or understand the support session where applicable.
- Actions were logged.
- Access ended at the approved time.
- Post-session review was completed.
- Template
- Iso27001
- Technological controls
- Access control
- Privileged access
Note Metadata
Aliases: Temporary Privilege Session Record, Remote Support Session Record
Source: 90 Templates/Dynamic Privilege Session Record.md
Related Notes
- ISO 27001 A.5.18 - Access Rights
- A.8.3 Audit Evidence Pack
- ISO 27001 A.8.2 - Privileged Access Rights
- ISO 27001 A.8.3 - Information Access Restriction
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.3 Audit Checklist
- Privileged Activity Log Review Checklist
- Templates MOC