Assurance: Make it Secure, Make it Audit-Proof
Administrative Control
Control Activity
Outcome
Compliance team member checks the ticketing system to ensure that the privileged account has been properly authorized and that it has the correct privileges and compensating controls. Team member updates the ticket with their results and assigns the ticket to a manager (or above) for closure/follow up. Manager reviews and closes/follows up as appropriate. Potential: identify a gap in an upstream process or a performance opportunity. Systems thinking approach.
Standard Operating Procedure: Authorization of Privileged Accounts
[your tool] will monitor the Active Directory “Domain Admins” organizational unit and send real-time text message and email alerts to [compliance@yourtribe.com] to notify when a privileged account has just been created by [Administrator Name] at [ MM/DD/YY, HH:MM:SS]. Email notification will be sent to [Compliance@yourtribe.com] and [helpdesk@yourtribe.com] which will automatically create a ticket in your support desk software and assign it to [compliance group]. The ticketing system will send an email to compliance@yourtribe.com, which will notify a distribution group that a ticket has been assigned for follow up.
Made with FlippingBook - Online catalogs