Runs quarterly access audits and surfaces stale-access removal candidates.
Activation complexity: Medium
Time to activate: 14-21 days
Volume share: 25-35% of role volume
Impact range: Above 95%
Inherited pricing: €3.00 – €12.00 per review or incident handled
This capability inherits the Security Operations Analyst's pricing model. The role's launch fee + monthly retainer + role-level usage cover every capability under the role. Adding this capability to an active deployment does not change the price.
What this capability handles
Access Review pulls access data across identity providers and critical systems, compares against role-based access matrices, surfaces stale or over-provisioned access, and drafts remediation actions — with analyst review on every removal call.
Workflow summary
Pulls data, compares to matrix, drafts findings, routes removals.
Decision logic
Uses role-matrix rules and staleness thresholds to draft findings and recommend remediations.
Systems and data
Systems: identity provider, GRC tool, messaging
Data: access data, role matrix, prior review, ownership map
Exceptions & human handoff
Privileged-access findings or ownership disputes route to the analyst for decision.
Privileged access, ownership dispute, or sensitivity flag.
Readiness
Access data accessible, role matrix documented, GRC wired.
Owner on client side · CISO
Impact contribution
30-40% of role impact is access-review completion on cadence with stale-access removal.
Primary KPI · Access-review completion on cadence · Above 95%
When this capability shows up
Patterns where access review is part of the launch set, with volume and pricing anchored to each company profile.
Mid-market SaaS with SOC 2 posture and heavy vendor footprint
SaaS · 300-800
300 / mo
A 500-person B2B SaaS company runs 300 reviews or incidents a month. Quarterly access reviews overrun by weeks. Reported phish waits hours in the queue.
Security Operations Analyst activates access review and phishing triage. Reviews ship on cadence with stale-access removal; phish is triaged in minutes; the analyst shifts to real risk calls.
Expected outcomes at this volume: access-review completion above 95%, phishing-triage lead time under 15 minutes, analyst hours reclaimed weekly.
Monthly cost: €900–€3.6k
vs human anchor: €3.5k–€12k
Savings: 0–3%
Enterprise services firm with ISO 27001 and vendor questionnaires
Services · 800-2000
700 / mo
A 1500-person services firm runs 700 reviews or incidents a month. Vendor questionnaires backlog for weeks. Audit evidence is a scramble every cycle.
Security Operations Analyst activates all four capabilities. Access reviews ship on cadence; vendor questionnaires turn around in days; phish gets triaged in minutes; compliance evidence stays audit-ready.
Expected outcomes: cycle-time reduction 50-70% on coordination surface, vendor-review turnaround 60-80% faster, compliance evidence audit-ready at any moment.
Monthly cost: €2.1k–€8.4k
vs human anchor: €8.2k–€28k
Savings: 0–3%
Small fintech preparing for first SOC 2 audit
SaaS · 40-80
120 / mo
A 60-person fintech runs 120 security reviews and incidents a month. SOC 2 evidence is assembled by hand every quarter. Access reviews run late and leave stale accounts between cycles.
Security Operations Analyst activates access review and compliance monitoring. Reviews land on cadence with stale-access removal; evidence bundles stay audit-ready continuously; the analyst spends time on risk calls, not spreadsheets.
Expected outcomes at this volume: access-review completion above 95%, compliance evidence audit-ready at any moment, analyst hours reclaimed weekly.
Monthly cost: €360–€1.4k
vs human anchor: €1.2k–€4.8k
Savings: 0–4%
All scenarios and cost ranges come from the Security Operations Analyst role page.
Capability-specific integrations
Beyond the Security Operations Analyst's base stack, this capability plugs into: