Specific actions in software (e.g, create, delete or modify certain properties) should be allowed to a limited number of users with higher privileges, initiate the periodic IAM reviews, collect information and perform required changes according to processes and procedures, also, with the number of organizations using the system, profile quantities should be minimal and still meet the need.
Formal process for granting or modifying system access (based on appropriate level of approval) is in place, the periodic reviews of user access are performed by business managers or role owners, and the system automatically generates the requests based on your organization internal control policy.
Dependent on the type of data being held, the system will have to be subject to periodic reviews at an appropriate frequency, to implement a zero-trust approach, security professionals must first equip employees with the appropriate applications, profiles and policies on the devices of choice. In brief, forward user profiles reports to business units for reviews within agreed timelines.
Business managers can assign and evaluate appropriate user roles and access privileges.
Want to check how your ServiceNow Processes are performing? You don’t know what you don’t know. Find out with our ServiceNow Self Assessment Toolkit: