Torsion Information Security Blog

Exploring the business and technical implications of information security.

The Who, What, When and Why of Data Access Governance

When it comes to Data Access Governance and proving to auditors that you are in control of your data access and sharing, you have to demonstrate the ‘who’, ‘when’, ‘what’ and also the ‘why’. Here we look at what each element comprises and how Torsion automates what you need evidence of.


Organisations should know at all times who has access to, who has accessed and also who owns/created the data asset.

Torsion automatically determines who owns the information, and also which users (both internally and externally) have access to a specific file, folder or site. Then as people change roles and move around, who has access to important files, folders, Teams and sites is also updated automatically.


You should also be able to say when a specific user or group of users accessed a piece of information, and when it was created.

Torsion automatically logs every incident of a file, folder or site being accessed and when it was created. Access history can be viewed or exported at any time. If access is detected that doesn’t look right, a quick notification is flagged to the information owner to take a look.


The what is Data Access Governance refers to what data is created, shared and accessed.

Torsion automatically monitors every piece of data and detects any vulnerabilities it spots. For example, if sensitive information is uploaded to a folder with open permissions or a relaxed security policy, Torsion immediately detects that the file doesn’t belong here, and alerts the right person in the business to move it. 


Knowing why a person has access to a piece of data is often the most difficult aspect of Data Access Governance for organisations to prove to auditors. This could be their job role or department, the account they’re working on, or that they’re temporarily covering for someone else. Only when you know why someone has access, can you prove to an auditor whether they should have access.

Torsion tracks not only who has access, but most importantly why they have access. If someone shares a file or site, Torsion quickly captures the reason why. Torsion also detects if those reasons are no longer true, and automatically revokes access which is no longer appropriate.

To start your free trial of Torsion or to watch a free demo email

I want to know more
close slider

Sounds interesting, send me a bit more info...