Objective: Confirm that only active and authorized users of your company have access to RedSky. Frequently, companies may forget disabling userids for staff who leave an organization; RedSky enforces a password-expiry period for all userids but in the worst-case scenario, you may have an ex-staff possibly accessing your company records for 5-6 months.
There are no automated processes that will disable terminating staff's access to Redsky, suggested solutions for this are:
- HR termination processes should include a checklist for disabling corporate system access including RedSky.
- Frequent audits of active user lists to validate (by HR department) that all the users with access to RedSky are active employees of the company.
Here’s a suggested process for conducting the Active User Audits:
- Determine the audit frequency, you can choose this based on your staff turnover – if the turnover is slow maybe do it bi-annually, otherwise quarterly.
- In RedSky, the admin will find a report called ‘Active User List’
- Please run this report for User type ‘USER’ – these are your internal company employees, all the other user types are external users.
- This report will show active users along with their roles assigned in RedSky. See a sample below:
- This report should be given to HR for validating users against the company’s active roster, any user not in the roster should be strongly recommended for revocation. The only exception maybe you may grant some limited access to outside partners to help you.
- The list for revocation should be given to the company system admin who can disable the userids to prevent any further access to RedSky.