The Service Request Handler must regularly monitor access rights and their utilization by users to ensure that the rights
are being properly used. In addition, changes to user roles (if any) should be identified, to ensure they are
appropriate for the services.
Typical events that trigger a change in identity status are job changes, promotions or demotions, transfers,
resignation or death, retirement, disciplinary action and dismissals.
Based on the relevant changes, a new access request should be raised to modify the access rights accordingly. Disabled
accounts should be removed from the system once a reasonable time has been allowed to process any files or data and
there are no outstanding audit requirements. Removal of accounts must also include the removal of any associated access
rights.
Events such as detection of unauthorized access, unusual application activity, and excessive incorrect login attempts
should be evaluated for security breaches, and any exceptions identified should be routed to Incident Management for
investigation. Information Security Management assists in detecting unauthorized access by comparing access with the
rights provided by Access Management.
These monitoring activities must typically be based on the Client’s security policies and guidelines.