💼 CC6.3-4 Reviews Access Roles and Rules
- Contextual name: 💼 CC6.3-4 Reviews Access Roles and Rules
- ID:
/frameworks/soc-2/cc6/03/04 - Located in: 💼 CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity's objectives.
Description​
The appropriateness of access roles and access rules is reviewed on a periodic basis for unnecessary and inappropriate individuals (for example, employees, contractors, vendors, business partner personnel) and inappropriate system or service accounts. Access roles and rules are modified, as appropriate.
Similar​
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|