Overview

Employee/customer access must be reviewed on an annual basis by the designated Manager/Supervisor.

Purpose

To ensure a periodic review of user access.

Scope

This procedure applies to all Medical Center Managers/Supervisors and Sponsors who are required to review employee/customer access on a yearly basis.

Description

An employee’s access to the institution’s information resources will be reviewed on an annual basis by the employee’s manager/supervisor to avoid "Privilege Creep."  This review will insure that all accesses are still appropriate for the employee’s job role.  Any changes will be relayed to the appropriate systems security administrators or submitted to the HIT Security team so that the employee's access may be modified.

 

The annual review process ensures that managers review each employee's access to validate the appropriateness of the access to the employee's current role via the Supervisor Review Form.

Document Supporting Resources