Identity repositories are reviewed and updated periodically and according to defined triggers, such as system changes and changes to organisational structure
Context and Guidance: Periodic review of identities can help the organisation ensure they remain viable and accurate. The periodic review should be performed by the organisation with the intent of identifying identities that are no longer valid, are duplicated, or that have changed materially but were not detected by the change management process. Reviews may also uncover identities with invalid roles or responsibilities to which access privileges have been provisioned. Invalid or duplicated identities can result in unauthorised use and modification of information, use of systems and technology, or entry to and use of facilities.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-1a, ACCESS-1c, ACCESS-1e, ACCESS-1f, ACCESS-1j.