Privilege Account Management These questions are designed to ensure that your IT provider understands appropriate access policies. GENERAL 1. Please described privileged access to clients’ systems. a. How is access assigned? b. How is it limited? c. How is it monitored? d. Are controls in place to limit access to the needs of their roles? 2. Are users restricted to non-admin accounts for anything that does not require admin rights? 3. Are privileged and/or admin or other management level accounts shared and if yes: a. Why? b. Which accounts? c. What are the mitigating controls? d. How do you ensure accountability? 4. What tools and access methods are used for network administration and client support functions? 5. Do you have account creation or rights level change alerts con昀椀gured? Questions To Ask Your MSP | 9
A cio guide to choosing an it service provider (1) Page 8 Page 10