| Step | Description | Owner | Deadline | Status (✓/✗) | Notes |
|---|---|---|---|---|---|
| Define Scope | Document the systems, apps, and departments in scope | GRC Lead | DD/MM | | |
| Assign Reviewers | Identify the managers and system/app owners who will review the relevant access | GRC | DD/MM | | |
| Sync Identity Data | Pull the latest user and contractor records from the HRIS and identity providers | IT | DD/MM | | |
| Map User Roles & Access | Document user roles, departments, and current access rights | IT | DD/MM | | |
| Flag Dormant Users | Inactive for more than 90 days (or the threshold set by Infosec policy) | Security | DD/MM | | |
| Notify Reviewers | Email/Slack reminders | GRC | DD/MM | | |
| Approve/Reject Access | Each decision recorded with a justification | Reviewer | DD/MM | | |
| Trigger Revocations | Trigger removal workflows (ITSM ticket, de-provisioning, etc.) | IT | DD/MM | | |
| Export Reports | Export for audit purposes | Compliance | DD/MM | | |
| Store Artifacts | Archive in a secure, access-controlled folder | Compliance | DD/MM | | |
| Step | Requirement | Framework(s) Covered |
|---|---|---|
| Define Review Scope | Identify all apps, systems, and data to include | All |
| Assign Review Owners | Designate a manager or app owner for each system | SOC 2, ISO |
| Set Review Frequency | Establish the review cadence (quarterly, risk-based, or per policy) | ISO, HIPAA |
| Collect Access Logs | Gather user access data from the IdP, SaaS apps, and HRIS | All |
| Flag Dormant Accounts | Identify accounts inactive for more than 90 days | HIPAA, SOC 2 |
| Review Privileged Access | Pay special attention to admin and service accounts | All |
| Record Decisions | Document each approve/remove action with its reason | SOC 2, ISO |
| Store Audit Trails | Keep timestamps, reviewer comments, and evidence | All |
| Remediate Issues | Remove unnecessary access; escalate exceptions | All |
| Report & Certify | Generate reports for auditors and certify completion | All |
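As an added example (not part of the original checklist or any product it describes), the script below runs the "Collect Access Logs", "Flag Dormant Accounts", "Review Privileged Access", "Record Decisions" and "Store Audit Trails" steps over a constructed IdP export and HRIS status list. The record layout, the field names, the group name `admins` as the privileged marker, and the sample users are all assumptions made for the example. It also catches two cases the 90-day rule alone misses: an account whose owner no longer has an active HRIS record, and a privileged or service account that should never be auto-revoked but always routed to a human reviewer.

```python
from __future__ import annotations

import csv
import io
from dataclasses import dataclass, field
from datetime import datetime, timezone

DORMANT_DAYS = 90                  # checklist threshold; align with your Infosec policy
PRIVILEGED_GROUPS = {"admins"}     # assumption: IdP groups that count as privileged
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed review date so the run is reproducible

# Constructed sample exports (hypothetical users and groups, not real data).
IDP_ACCOUNTS = [
    {"user": "alice",      "last_login": "2024-05-20T09:12:00Z", "groups": ["engineering"]},
    {"user": "bob",        "last_login": "2024-01-03T17:45:00Z", "groups": ["finance", "admins"]},
    {"user": "svc-backup", "last_login": None,                   "groups": ["admins"]},
    {"user": "dave",       "last_login": "2024-05-30T11:00:00Z", "groups": ["sales"]},
]
# HRIS view of who is currently employed or contracted; service accounts have no HRIS record.
HRIS_STATUS = {"alice": "active", "bob": "active", "dave": "terminated"}


@dataclass
class Finding:
    user: str
    flags: list[str] = field(default_factory=list)
    recommended: str = "keep"      # keep | review | revoke


def _parse(ts: str | None) -> datetime | None:
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def run_review(idp_accounts, hris_status, now=NOW) -> list[Finding]:
    """Apply the checklist rules to every IdP account and return one Finding per account."""
    findings = []
    for acct in idp_accounts:
        f = Finding(user=acct["user"])
        last = _parse(acct["last_login"])
        # Dormant: never logged in, or last login older than DORMANT_DAYS.
        if last is None or (now - last).days > DORMANT_DAYS:
            f.flags.append("dormant")
        # Orphaned: no active HRIS record behind the account (left, terminated, or unknown).
        if hris_status.get(acct["user"]) != "active":
            f.flags.append("no-active-hris-record")
        # Privileged: member of an admin group; must always be looked at by a person.
        if PRIVILEGED_GROUPS & set(acct["groups"]):
            f.flags.append("privileged")
        # Recommendation: orphaned non-privileged accounts go straight to revocation;
        # anything privileged (including service accounts) or merely dormant gets a review.
        if "no-active-hris-record" in f.flags and "privileged" not in f.flags:
            f.recommended = "revoke"
        elif f.flags:
            f.recommended = "review"
        findings.append(f)
    return findings


def record_decision(finding: Finding, reviewer: str, decision: str, justification: str) -> dict:
    """Build one audit-trail row; a decision without a justification is rejected outright."""
    if decision not in {"approve", "remove"}:
        raise ValueError("decision must be 'approve' or 'remove'")
    if not justification.strip():
        raise ValueError(f"decision for {finding.user} needs a justification")
    return {
        "user": finding.user,
        "flags": ";".join(finding.flags),
        "recommended": finding.recommended,
        "decision": decision,
        "reviewer": reviewer,
        "justification": justification,
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }


def export_csv(rows: list[dict]) -> str:
    """Audit export: one CSV row per decision, ready to archive as evidence."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    findings = run_review(IDP_ACCOUNTS, HRIS_STATUS)
    for f in findings:
        print(f"{f.user:12} {','.join(f.flags) or '-':45} -> {f.recommended}")
    row = record_decision(findings[1], "mgr-finance", "remove", "Moved to a role without admin duties")
    print(export_csv([row]))
```

Two design points worth carrying into a real implementation: the "no active HRIS record" check is what catches a terminated contractor who logged in yesterday, so it must run against the HRIS sync, not against login data; and `record_decision` refuses an empty justification so the audit trail can never contain a bare approve/remove without a reason.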