Hi Eramba Community,
I’m trying to log an access request for a former employee’s Outlook inbox, which has been approved by management. However, I’m unsure where this request should be logged in the system.
Can anyone point me to the correct module or section in Eramba where access requests like this should go?
Thanks!
I would say that depends on how you want to categorize the access request
If the person requesting the access has a legitimate reason for doing so, maybe create a comment on the control - if you have a control that monitors access to inboxes
If they do not have a legitimate reason consider creating a possible incident under security incidents, in case that you would expect the request to maybe be granted and compromise information security.
We would log the request in another system an ITMS system, and I would have a control which would review the access requests
Regards
Alex
If you have let’s say an Access Control Policy for example, and the request is an exception to that policy, I would log it under the Policy Exceptions module, this way it’s recorded for evidence and can be controlled if necessary.
I haven’t considered that to be a way of using said element but that actually sounds pretty awesome
Agreed, that is where I would log this. You will also have an expiry date and a requestor so you can easily follow this up to check whether the exception is still required.
Thank you everyone,
A Policy Exception is a great idea. I have also tested with the project management section, but I think I may move to the policy exception route.
Thanks!