By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Our external auditors have told us that we need to recertify users of our key systems on a quarterly basis. That seems excessive, so we'd like to know what others are doing.
To some extent, worrying about what others are doing is like the child who pleads "but Mia's Mom doesn't make her eat broccoli." The auditors have already formed their interpretation of what's good for you - and what will keep them out of court - and are unlikely to be swayed by your appeals. Unless you are prepared to change auditors and use this criterion as your litmus test, you need to deal with it. In this case, your auditors may be conservative, but they are in good company. The trend is definitely towards shorter re-certification times. As automated tools emerge to support certification and rapid or automatic decertification of users based on business rules, we would not be surprised to see monthly requirements become the norm. Investigate tools now to see how they might complement your processes, and aim to go beyond your auditor's immediate requirements. They won't get easier next year, and doing it right now will save you pain and expense in the future.