Here we give our top 5 scenarios in which data access should be revoked within an organisation (and don’t forget that Torsion does this all automatically in the background, so you don’t have to worry about a thing):
Information is out of date or time sensitive – maybe a document or folder has been created for a specific work group or project, or maybe it was only intended for immediate use or something very short term. Often these documents are left sitting in shared files and folders indefinitely but can still contain sensitive information.
A person is leaving a company – if access isn’t revoked immediately, ex employees could still access (and download) sensitive information. The information could then b used maliciously or to the benefit of a competitor that the employee might have moved to.
Temporary access/cover – when someone goes on leave and someone else covers for them you should both a) disable the access of the person on leave (a bit like an out of office) and b) set an end date on which to revoke access for the person covering.
Changing roles/responsibilities – as people change roles and move around a business, it’s important to revoke access that is no longer required in the new department or role. However, you might want to factor in handover periods, secondments, and crossover between roles. For example, Torsion doesn’t just switch off access from an old role. Instead, their old access is carefully decayed over time, while their new access is granted straight away.
New/leaving customers and suppliers – access can quickly become inappropriate when it shared with customers, suppliers and other external colleagues. As soon as a contract has ended or a project delivered, revoke access to ensure sensitive information is secure.
Talk to Torsion about how we monitor and react to these scenarios and more – automatically and in the background. Email email@example.com.