Problem solve Get help with specific problems with your technologies, process and projects.

How often should we be recertifying users of key systems?

Our external auditors have told us that we need to recertify users of our key systems on a quarterly basis. That seems excessive, so we'd like to know what others are doing.
To some extent, worrying about what others are doing is like the child who pleads "but Mia's Mom doesn't make her eat broccoli." The auditors have already formed their interpretation of what's good for you - and what will keep them out of court - and are unlikely to be swayed by your appeals. Unless you are prepared to change auditors and use this criterion as your litmus test, you need to deal with it. In this case, your auditors may be conservative, but they are in good company. The trend is definitely towards shorter re-certification times. As automated tools emerge to support certification and rapid or automatic decertification of users based on business rules, we would not be surprised to see monthly requirements become the norm. Investigate tools now to see how they might complement your processes, and aim to go beyond your auditor's immediate requirements. They won't get easier next year, and doing it right now will save you pain and expense in the future.

Dig Deeper on Data Center jobs and staffing and professional development

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.