Sox Controls regarding provisioning and approving admin access
WendyR
Expensify Customer Posts: 2 Expensify Newcomer
- There is no segregation between the person provisioning and approving access for the administrator user. How are you handling this for SOX? Is there any tips for how you use the system or ways you have designed your compensating controls?
Answers
-
Hey there, @WendyR! Thanks for reaching out about this!
I'm having trouble understanding the first part of your statement. Can you help me understand what you mean by, "there is no segregation between the person provisioning and approving access for the administrator user."? Are you referring to a user role within Expensify? Once I get a better understanding of what you mean, I'd be happy to speak to this more.
-
So we are wondering if we can have one person add access and another person approve for giving admin access
-
Any policy admin can add or remove access. So what you could do here is simply have the first person add a user to the policy, and the second person will be able to remove any additions that he or she feels are not needed.
