Privileged access to systems, applications and data repositories is disabled after 12 months unless revalidated.
Topic
Suspension of access to systems
Applicable to
all
History
Dec 2023
Privileged access to systems, applications and data repositories is disabled after 12 months unless revalidated.
The existing control relating to privileged access to data repositories being automatically disabled after 12 months unless revalidated was merged into the existing control relating to privileged access to systems and applications being disabled after 12 months unless revalidated. [ISM-1647, ISM-1734]
Dec 2023
Privileged access to systems, applications and data repositories is disabled after 12 months unless revalidated.
Existing controls relating to automatically disabling access to systems, applications and data repositories after 45 days of inactivity were amended to remove the requirement that it occur automatically, noting that in some cases supporting governance mechanisms may be required to assist in identifying when accounts have not been used within the last 45 days. [ISM-1404, ISM-1647, ISM-1648, ISM-1716]