ACME Corp
high

Quarterly access reviews are 9 months overdue

Stale access is the finding that fails a SOC 2 audit and undermines every other attestation you sign.

SOC 2 · PCI-DSS · FedRAMP · Overdue: last attestation 9 months old

Root cause

The quarterly privileged-access review has not run in nine months. Ownership moved during a reorg and the recurring job was never re-assigned.

Business impact

Stale access is the single finding most likely to fail a SOC 2 Type II audit, and it quietly undermines every other attestation — if access is not provably current, none of the control claims are.

Mapped controls

NIST PR.AA-05: Fails while this gap is open
SOC 2 CC6.2: Fails while this gap is open
PCI R7.2: Fails while this gap is open

Drives loss scenarios

Insider misuse
ALE $420K · Open

The fix

Closes this gap
Run the overdue access review and put it on an automated quarterly cadence
~3 days · IT / GRC · satisfies 3 frameworks