All Collections
Control Tests
Test: Least Privilege Policy for Customer Data Access
Test: Least Privilege Policy for Customer Data Access

Drata inspects your company security policies to determine if employees are only allowed access to customer data when absolutely necessary.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Least-Privileged Policy for Customer Data Access control that ensures your company authorizes access to information resources, including the data and systems that store or process customer data, based on the principle of least privilege.

WHAT TO DO IF A TEST FAILS

If Drata finds that your company policies are either not available or do not require that employees may only access the customer data they need in order to complete their jobs the test will fail.

To remediate a failed test, you will need to make sure that the appropriate policies are uploaded to Drata and contain specific requirements for ensuring access to customer data is only granted when absolutely necessary to complete a job.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center.

  2. Add a 'System Access Control Policy' and ensure that the newly added policy is approved.

HELPFUL RESOURCES

Did this answer your question?