When to use this
Use this register to record privileged accounts, roles, approvals, scope, expiry, and review status.
Related controls
Register
| User | Privileged ID/role | System | Business justification | Approved by | Start date | Expiry/review date | Logging enabled? | Status |
|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | Yes/No | Active/revoked |
Minimum checks
- Privilege is business-justified.
- Separate admin ID is used where feasible.
- Logging is enabled.
- Review date is defined.
- Removal process is clear.
- Template
- Iso27001
- Technological controls
- Privileged access
Note Metadata
Aliases: Admin Access Register
Source: 90 Templates/Privileged Access Register.md
Related Notes
- ISO 27001 A.5.18 - Access Rights
- A.8.2 Audit Evidence Pack
- ISO 27001 A.8.2 - Privileged Access Rights
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.2 Audit Checklist
- Privileged Access Review Checklist
- Privileged Activity Log Review Checklist
- Templates MOC