Access review

An access review is a systematic cybersecurity process used to evaluate and validate user permissions and privileges across an organization's digital infrastructure. It ensures that all users, service accounts, and entities maintain only the level of access required for their designated roles, strictly following the principle of least privilege. This process involves examining existing access rights — including administrative, application-specific, and data access — to identify excessive, dormant, or unauthorized entitlements that could pose security risks.

Conducted periodically or triggered by specific events (such as role changes or security incidents), access reviews are essential for reducing an organization's attack surface, mitigating insider threats, and maintaining regulatory compliance. By regularly scrutinizing permissions, organizations can proactively address vulnerabilities, uphold the confidentiality, integrity, and availability of sensitive data, and strengthen their overall security posture against evolving cyber threats.