Runs quarterly access audits and surfaces stale-access removal candidates.
Activation complexity
Medium
Time to activate
14-21 days
Volume share
25-35% of role volume
Impact range
Above 95%
Inherited pricing
€3.00 – €12.00 per review or incident handled
This capability shares the Security Operations Analyst's metered unit. A review or incident handled is counted once at the role level regardless of which capability handled it. Adding this capability to an active deployment does not change the per-action price.
What this capability handles
Access Review pulls access data across identity providers and critical systems, compares against role-based access matrices, surfaces stale or over-provisioned access, and drafts remediation actions — with analyst review on every removal call.
Workflow summary
Pulls data, compares to matrix, drafts findings, routes removals.
Stages
Decision logic
Uses role-matrix rules and staleness thresholds to draft findings and recommend remediations.
Systems and data
{"identity provider","GRC tool",messaging}
{"access data","role matrix","prior review","ownership map"}
Exceptions & human handoff
Privileged-access findings or ownership disputes route to the analyst for decision.
Privileged access, ownership dispute, or sensitivity flag.
Readiness
Access data accessible, role matrix documented, GRC wired.
Owner on client side · CISO
Impact contribution
30-40% of role impact is access-review completion on cadence with stale-access removal.
Primary KPI · Access-review completion on cadence · Above 95%
Capability-specific integrations
Beyond the Security Operations Analyst's base stack, this capability plugs into:
The chat opens with Security Operations Analyst and Access Review pre-selected. You can add other capabilities during the conversation.