About

Demystifying the audit process:

If your organisation hasn’t previously been audited here are the primary objectives and top tips to remain compliant:

Audit Objectives and Scope

The primary objectives of the User Access audits are to:

• Identify the extent of compliance with and departures from the User Access provisions, set out in the User Agreement;
• Prevent un-authorised users from attempting to access the Portal via legitimate users;
• To assist your organisation comply with User Agreements by recommending any security improvements and Portal Access Control issues identified.

The audit approach involves a risk-based assessment of the systems, processes and controls in place with the User agreement in four different areas:

• Company information and knowledge;
• Profile management;
• Data access and monitoring; and
• Third party compliance.   
  
  
  

 Top tips to remaining compliant:

 Knowledge

Each User accessing the Portal should do so having reviewed the Portal agreement and with the relevant training required to carry out the activities they need to complete on the Portal. Further guidance on the use of the Portal can also be found in the dedicated self-service User guides on this website.

Password security

Each Portal User should have their own password credentials, which must not be shared with ANY other Users.

Housekeeping – User profile updates and disabling expired Users 
 
Where a User no longer requires access or has left the organisation their User account details should be disabled by the Administrator.

Those organisations who demonstrated the greatest audit compliance have implemented internal processes to regularly review and update their User profile(s) and in particular disabling of access to Users no longer requiring it by implementing a quarterly review.