When it comes to proving to auditors that you are in control of your Data Access Governance, it’s just as important to record ‘why’ somebody has access to a particular piece of information, as well as ‘who’, ‘what’ and ‘when’.
The key reason being that only when you know ‘why’ somebody has access, can you prove whether they in fact ‘should’ have access.
Recording this manually for each file, folder or site would be impossible but automated Data Governance tools such as Torsion track not only who has access, but most importantly why they have access. If someone shares a file or site, Torsion quickly captures the reason why.
Access can then be controlled based on ‘why’ they need it, rather than name based permission access, which is far more accurate and granular.
Here are some valid reasons ‘why’ somebody might have access to a file, folder or site:
- Job role – they need access to make their job functional
- Department – they need access because the piece of information is relevant to a whole department
- Account – a piece of information might be relevant to a specific account they’re working on
- Temporary role – they need access for a role that they’re temporarily covering for someone else
And the best bit about Torsion is that as people change roles and move around a business, the ‘why’ they have access is continuously monitored. It then goes back to our earlier point about if you know ‘why’ somebody has access, can you decide whether they ‘should’ have access. If it looks like a person no longer ‘should’ have access, then that access is automatically revoked. You have a clear audit trail of exactly ‘why’ each person has data access and can prove that access is only granted to only those that ‘should’ have it.
To find out more about how our technology works or to see a live demo email email@example.com.