Term · 5. Audit & Monitoring
Audit
Definition
Independent examination of identity controls, processes, and records to verify compliance with policy and regulatory requirements. Types: internal audit (internal team), external audit (third-party), regulatory audit (regulator-driven), compliance audit (SOX, SOC 2, ISO 27001, HIPAA, PCI DSS, NIS2).
- Application
- MidPoint: Audit is a systematic and documented process for reviewing specific processes, organizations or regulatory compliance.
- SailPoint: Audit Log + Audit Reports — track all identity operations for compliance
- Standards & regulations
- ISO 19011:2018 «audit: systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.»
Related terms
- Compliance: Adherence to applicable laws, regulations, standards, and internal policies governing identity and access management. Co …
- Audit Trail: Chronological record of identity events — authentication, authorization decisions, provisioning actions, configuration c …
- Privileged Session Management (PSM): PAM capability that records, monitors, and analyzes sessions involving privileged credentials — SSH sessions to servers, …
- Risk Assessment (RA): Systematic process to identify, analyze, and evaluate identity-related risks. Outputs: risk register with likelihood × i …
- Security Information and Event Management (SIEM): class of software solutions performing real-time collection, normaliz …
- Access Certification (AC): Periodic review process where designated reviewers (managers, role owners, application owners) attest that users still n …