Control impersonation of tenant and logging of actions
A
Advisory Mink
Please create an ability to control access to tenants. Either by allowing an owner or admin to allow access for a period of time and then automatically reverts to blocking. Or the ability to allow access and then turn it off.
Additionally, the logging of such events. Who at Salesmsg did the impersonation, when, justification to do so, which account was impersonated, and what actions were taken.
These logs should be exportable and available for an extended period of time for auditing.
Chris Brisson
Hiya Advisory Mink, thanks for this post! I have a few more questions for you:
- What specific time frame do you envision for the temporary access period before it automatically reverts to blocking?
- How frequently do you anticipate needing to export the logs for auditing purposes?
- Are there any specific compliance or regulatory requirements that the logging and auditing features need to meet?
A
Advisory Mink
Chris Brisson
Other vendors I work with have 1 day, 3 days, 1 week, or indefinite but also provide the ability to revoke access at any time.
The logging export will depend on the requests for auditing for 3rd party risk assessments or requiring a review of potential changes not performed by an employee of the company.
SOC 2 compliance for logging coverage.