Episode 33 — Access Control for i1
The joiner, mover, and leaver lifecycle defines how user access changes through employment stages. In the joiner phase, new accounts are created with least privilege and documented approval. Movers, employees changing roles, should have old rights reviewed and removed before new ones are granted; otherwise privilege accumulates with every move. Leavers must have all access promptly revoked. i1 assessors expect written procedures covering each phase, supported by ticketing or identity management workflows. For example, onboarding might trigger an automated request routed through a manager for approval, while offboarding automatically disables credentials when HR records the termination. Gaps in this lifecycle are major audit findings because they leave live accounts no longer tied to valid users, or accounts holding rights their current owner no longer needs. A mature program tracks each phase's completion with timestamps and responsible parties, and periodically reconciles the HR roster against the identity store to catch whatever the workflow missed. The joiner-mover-leaver process is where access theory meets real human change, proving that privilege adapts responsibly over time.
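The reconciliation an assessor is really asking about can be run as a script: take the HR roster and the identity-store export and flag accounts that the lifecycle should have handled. The example below is added for this page and is not HITRUST material or any IAM product's logic; the record layouts, the role-to-entitlement baseline, the grace period and the sample data are all constructed assumptions standing in for a real HRIS export and directory export.

```python
"""Reconcile an HR roster against identity-store accounts to surface JML lifecycle gaps.

Added example written for this page, not HITRUST material or any IAM product's logic.
The record layouts, the role-to-entitlement map and the sample data are constructed
for the example; a real run would read an HRIS export and a directory/IdP export.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed RBAC baseline: what each role should hold and nothing more.
ROLE_ENTITLEMENTS = {
    "accounts_payable": {"erp_ap_clerk", "vpn"},
    "helpdesk": {"ad_password_reset", "ticketing_agent", "vpn"},
    "dba": {"prod_db_admin", "vpn"},
}


@dataclass
class HrRecord:
    employee_id: str
    status: str                       # "active" or "terminated"
    role: str
    term_date: Optional[date] = None  # set when status == "terminated"


@dataclass
class Account:
    username: str
    employee_id: Optional[str]        # None when the account is not linked to any person
    enabled: bool
    entitlements: set = field(default_factory=set)


def reconcile(hr_records, accounts, today, leaver_grace_days=1):
    """Return (kind, username, detail) findings; kind is orphan, leaver or excess_privilege."""
    hr = {r.employee_id: r for r in hr_records}
    findings = []
    for acct in accounts:
        rec = hr.get(acct.employee_id)
        if rec is None:
            # Joiner/ownership gap: nobody in HR vouches for this account.
            findings.append(("orphan", acct.username,
                             "no HR record; needs a named owner or decommissioning"))
            continue
        if rec.status == "terminated":
            # Leaver gap: termination recorded, credential still usable.
            days = (today - rec.term_date).days if rec.term_date else None
            if acct.enabled and (days is None or days > leaver_grace_days):
                detail = (f"still enabled {days} days after termination"
                          if days is not None else "still enabled; termination date missing")
                findings.append(("leaver", acct.username, detail))
            continue
        # Joiner over-provisioning or mover residue: rights beyond the current role.
        extra = acct.entitlements - ROLE_ENTITLEMENTS.get(rec.role, set())
        if extra:
            findings.append(("excess_privilege", acct.username,
                             f"holds {sorted(extra)} beyond role '{rec.role}'"))
    return findings


# Constructed sample data: bob moved from dba to helpdesk and kept prod_db_admin,
# carol left nine days ago but is still enabled, svc_backup has no HR linkage.
SAMPLE_HR = [
    HrRecord("E100", "active", "accounts_payable"),
    HrRecord("E200", "active", "helpdesk"),
    HrRecord("E300", "terminated", "accounts_payable", date(2024, 5, 1)),
    HrRecord("E400", "active", "dba"),
    HrRecord("E500", "terminated", "helpdesk", date(2024, 4, 15)),
]
SAMPLE_ACCOUNTS = [
    Account("alice", "E100", True, {"erp_ap_clerk", "vpn"}),
    Account("bob", "E200", True, {"ad_password_reset", "ticketing_agent", "vpn", "prod_db_admin"}),
    Account("carol", "E300", True, {"erp_ap_clerk", "vpn"}),
    Account("dave", "E400", True, {"prod_db_admin", "vpn"}),
    Account("frank", "E500", False, set()),        # leaver handled correctly: no finding
    Account("svc_backup", None, True, {"vpn"}),
]

if __name__ == "__main__":
    for kind, user, detail in reconcile(SAMPLE_HR, SAMPLE_ACCOUNTS, date(2024, 5, 10)):
        print(f"{kind:17} {user:12} {detail}")
```

Each finding maps to one phase of the lifecycle, which is exactly how an assessor will read it: an `orphan` is a joiner or ownership failure, a `leaver` is a revocation failure, and `excess_privilege` is either a joiner granted more than the role baseline or a mover whose old rights were never removed. Disabled accounts for terminated staff produce no finding, which is the evidence you want to be able to show.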
Logging of successful and failed access is essential for detection, accountability, and investigation. Every login attempt tells part of the story: a success records legitimate use (or a stolen credential in use), and a failure reveals attack or error patterns. i1 requires centralized logging for critical systems, capturing user identifiers, timestamps, and source addresses. Logs must be protected from tampering and retained for a defined period, often ninety days readily searchable with longer archives. Assessors will examine whether logs cover all in-scope systems and whether alerts exist for repeated failures or unusual access patterns. For example, a surge of failed administrative logins outside business hours should trigger immediate review, and a success from the same source shortly after a run of failures deserves even closer attention. Complete logging of both outcomes enables correlation during incidents, showing precisely who accessed sensitive resources. This dual visibility, knowing both entry and denial, turns access records from raw data into actionable assurance.
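The off-hours administrative failure surge is easy to describe and worth seeing as working detection logic. The following is an added example for this page, not a rule shipped by HITRUST or any SIEM product; the log line format, the sample lines, the list of privileged accounts, the business-hours range and the thresholds are all constructed assumptions. It goes slightly beyond the paragraph's single case by also flagging a success that follows a run of failures from the same source, and by grading daytime or non-admin bursts at lower severity instead of ignoring them.

```python
"""Detect authentication-failure bursts and success-after-failures in access logs.

Added example written for this page; not HITRUST tooling or any product's rule set.
The log format (ISO timestamp, 'auth', outcome, user=, src=), the sample lines,
the admin list, business hours and thresholds are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) auth (?P<outcome>SUCCESS|FAILURE) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)
ADMIN_USERS = {"root", "admin", "dba_admin"}  # assumed privileged accounts
BUSINESS_HOURS = range(8, 18)                 # assumed 08:00-17:59 in log-local time


def parse(line):
    """Return an event dict for a well-formed line, or None so malformed lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold=5, min_failures_before_success=3, window=timedelta(minutes=10)):
    """Sliding window per (user, source); returns alert dicts in log order."""
    alerts = []
    failures = defaultdict(deque)  # (user, src) -> timestamps of failures inside the window
    last_burst_alert = {}          # (user, src) -> time of last burst alert, to suppress repeats
    for ev in filter(None, map(parse, lines)):
        key = (ev["user"], ev["src"])
        q = failures[key]
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ev["outcome"] == "FAILURE":
            q.append(ev["ts"])
            recently_alerted = key in last_burst_alert and ev["ts"] - last_burst_alert[key] <= window
            if len(q) >= threshold and not recently_alerted:
                off_hours = ev["ts"].hour not in BUSINESS_HOURS
                is_admin = ev["user"] in ADMIN_USERS
                alerts.append({
                    "kind": "failure_burst", "user": ev["user"], "src": ev["src"],
                    "at": ev["ts"], "count": len(q),
                    "severity": "high" if (is_admin and off_hours) else "medium",
                })
                last_burst_alert[key] = ev["ts"]
        else:  # SUCCESS: correlate with the failures that preceded it
            if len(q) >= min_failures_before_success:
                alerts.append({
                    "kind": "success_after_failures", "user": ev["user"], "src": ev["src"],
                    "at": ev["ts"], "count": len(q),
                    "severity": "high" if ev["user"] in ADMIN_USERS else "medium",
                })
            q.clear()  # a success closes the failure run for this user/source
    return alerts


# Constructed sample log: an off-hours burst against 'admin' that ends in a success,
# one benign daytime mistake, and a daytime burst against an ordinary user.
SAMPLE_LOG = [
    "2024-03-02T02:14:05 auth FAILURE user=admin src=203.0.113.7",
    "2024-03-02T02:14:21 auth FAILURE user=admin src=203.0.113.7",
    "2024-03-02T02:14:40 auth FAILURE user=admin src=203.0.113.7",
    "2024-03-02T02:15:02 auth FAILURE user=admin src=203.0.113.7",
    "2024-03-02T02:15:19 auth FAILURE user=admin src=203.0.113.7",
    "2024-03-02T02:16:33 auth SUCCESS user=admin src=203.0.113.7",
    "2024-03-02T09:30:00 auth FAILURE user=dba_admin src=10.0.0.20",
    "2024-03-02T09:30:30 auth SUCCESS user=dba_admin src=10.0.0.20",
    "this line is not an auth record and is skipped",
    "2024-03-02T14:00:00 auth FAILURE user=jsmith src=10.0.0.15",
    "2024-03-02T14:00:40 auth FAILURE user=jsmith src=10.0.0.15",
    "2024-03-02T14:01:10 auth FAILURE user=jsmith src=10.0.0.15",
    "2024-03-02T14:02:00 auth FAILURE user=jsmith src=10.0.0.15",
    "2024-03-02T14:03:30 auth FAILURE user=jsmith src=10.0.0.15",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['severity']:6} {a['kind']:23} {a['user']}@{a['src']} at {a['at']} ({a['count']} failures)")
```

The single daytime failure by `dba_admin` followed by a success produces nothing, which matters as much as the alerts: a rule that pages on every administrative failure gets tuned out within a week. Keying the window on both user and source is what lets the success-after-failures check mean something; a success from a different address after the burst is a separate story.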
Evidence examples that reviewers consistently accept include direct system exports, screenshots of authentication settings, access review records, and audit logs showing real activity. Strong submissions pair policy language with operational proof. For instance, a policy stating "multi-factor authentication is required" should be accompanied by a screenshot of the MFA enforcement setting and a report showing adoption rates. Similarly, access review evidence includes the completed certification report, reviewer comments, and a sample of the rights actually revoked as a result. Assessors value authenticity: files generated by systems, with visible timestamps and consistent naming conventions. Weak evidence, such as recreated spreadsheets or redacted screenshots without context, invites questions. The most persuasive artifacts tell a clear story from rule to result, showing that access control is not a paper promise but an ongoing, recorded behavior aligned with i1's depth expectations.
Auditable and consistent access control defines an organization's credibility under i1. Every safeguard, from unique accounts and least privilege to MFA and periodic reviews, contributes to a chain of trust that can be demonstrated at any time. When access decisions are documented, revocations prompt, and administrative power transparent, assurance becomes self-sustaining. i1 measures not just presence but reliability: does the system work today, tomorrow, and six months from now in the same disciplined way? Success lies in treating access as a living control, constantly monitored, measured, and refined. When users log in, logs record it; when roles change, permissions follow; when reviewers inspect, evidence awaits. The result is stability built from verification. In the end, auditable access is not about gates; it is about knowing who is inside, why they are there, and proving that knowledge at any time.