Chat with Experta

User
What will the certification auditor look for regarding control A.5.18 Access rights?
Experta
During the certification audit, the auditor might look for the following evidence regarding control A.5.18 Access rights: if access of users is granted and revoked according to the defined access control policy.

Examples:
A company has defined in its Access Control Policy the rules to grant and revoke accesses rights — The auditor may ask to see the latest hired personnel, personnel that has changed jobs, and latest dismissed personnel, to see if granted and revoked access were implemented as required.