Do you require a periodical authorization and validation (e.g. at least annually) of the entitlements for all system users and administrators (exclusive of users maintained by your tenants), based on the rule of least privilege? Jonathan van Driessen March 02, 2021 14:53 Updated Yes, we do. Related articles Are controls in place to prevent unauthorized access to tenant application, program, or object source code, and assure it is restricted to authorized personnel only? Is physical and logical user access to audit logs restricted to authorized personnel? Comments 0 comments Please sign in to leave a comment.