Netsuite user access review

Hi All,

In this post, we are going to talk about User Access Review (UAR) in Netsuite. Our main focus will be what UAR is, why it is important and how to do it.

What is UAR?

A user access review is part of the user account management and user control process. It involves periodically reviewing access to confirm that employees, contractors and third-party tools have the proper rights and roles. The purpose of a user access review is to minimize data breaches by limiting access to data and information.

Why is it important to do UAR?

 - It helps the company minimize leaks of sensitive data by reviewing access periodically.
 - Employees and ex-employees will not have privileges to access data outside their role and responsibilities.
 - It limits fraudulent activity involving an account with elevated privileges.
 - It helps the company release some licenses when a role changes or is updated.
 - For publicly listed companies, UAR is important for SOX purposes for the reasons above.
 - Important IT compliance laws like SOX, GDPR, HIPAA, NIST etc. require companies to do UAR.

How to do UAR?

A well-planned and meticulous user access review process can reduce the risk of cybersecurity threats to your organization’s critical assets. To perform UAR, there should be a UAR checklist like the one below:
1. Define the scope of the user access audit.
2. Analyze the results and draw conclusions.
3. Remove any shadow admin accounts.
4. Ensure employees have proper permissions based on their role in the company. Make sure employees, vendors, contractors etc. have the fewest privileges possible.
5. Verify that permanent access is given only when necessary.
6. Revoke the permissions of ex-employees if they still have them. Ideally, permissions and access should be removed on the date of termination.

Most companies perform UAR on a specific date every quarter. To implement the same in Netsuite, follow the best practices below:
    1. Create and update an access management policy
    2. Define the roles in scope
    3. Create a formalized review procedure
    4. Implement role-based access control
    5. Create a search on employees and the roles assigned to each employee. Do the same for vendors if needed.
    6. Document each and every step, get it reviewed by 
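
One way to work through the output of the employee/role search against the checklist above (shadow admin accounts, roles that do not match the job, ex-employees who still have access). This is an added example, not code from the original post or from Netsuite: the CSV column names, the sample rows, the approved-admin list and the department-to-role baseline are all constructed assumptions to be replaced with your own export and policy.

```python
import csv
import io
from datetime import date

# Constructed sample of a saved-search export; the column names are assumptions,
# use whatever labels your own saved search produces.
SAMPLE_EXPORT = """Name,Role,Department,Termination Date,Login Access
Asha Rao,Administrator,IT,,Yes
Ben Cole,Administrator,Sales,,Yes
Carla Diaz,A/P Clerk,Finance,2024-03-15,Yes
Dev Shah,A/P Clerk,Finance,,Yes
Dev Shah,Sales Manager,Finance,,Yes
Eli Park,Sales Rep,Sales,2024-01-10,No
"""

# Assumed policy inputs: who may hold Administrator, and which roles fit each department.
APPROVED_ADMINS = {"Asha Rao"}
ROLES_BY_DEPARTMENT = {
    "IT": {"Administrator"},
    "Finance": {"A/P Clerk", "Accountant"},
    "Sales": {"Sales Rep", "Sales Manager"},
}

def review_access(export_text, review_date):
    """Return sorted (name, role, finding) tuples for rows needing follow-up."""
    findings = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        name, role = row["Name"].strip(), row["Role"].strip()
        if row["Login Access"].strip().lower() != "yes":
            continue  # no login access, nothing to revoke
        terminated = row["Termination Date"].strip()
        if terminated and date.fromisoformat(terminated) <= review_date:
            findings.add((name, role, "ex-employee still has access"))
            continue
        if role == "Administrator" and name not in APPROVED_ADMINS:
            findings.add((name, role, "unapproved admin account"))
        elif role not in ROLES_BY_DEPARTMENT.get(row["Department"].strip(), set()):
            findings.add((name, role, "role outside department baseline"))
    return sorted(findings)

if __name__ == "__main__":
    for name, role, finding in review_access(SAMPLE_EXPORT, date(2024, 4, 1)):
        print(f"{name:12} {role:15} {finding}")
```

Saving the findings list together with the export it was produced from gives the reviewer a dated record for each quarterly run.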

If you have any query regarding User Access Review in Netsuite, please let us know. We are also interested in understanding how you do UAR in your company. 

Thanks

Abhishek Tripathi

