Access Review Tool
Quarterly user-access certifications — the SOC 2 / SOX / ISO 27001 / HIPAA control everyone fails to actually run. Reviewer portal, decision tracking, exception flagging.
Open the live Access Review Tool demo
Public, fully interactive, populated with sample data so the value prop is visible immediately. No sign-up needed — open it in a new tab and explore.
The pain
Access reviews are the most consistently failed control across SOC 2, SOX, HIPAA, and ISO 27001. Every quarter the controller dumps a CSV of user accounts into a spreadsheet, emails department heads, and 30% of them never reply. Off-the-shelf tools (Conductor, Vanta access reviews) start at $30K/year. SMBs need a $5K version that does the same job.
What gets built
- Quarterly review cycles with per-system entitlement breakdown
- Reviewer portal: each manager sees only the access they need to certify
- Decision tracking: approved / revoked / exception with rationale and reviewer signature
- Exception flags: terminated employees with active access, stale privileged access, orphaned managers
- Cycle-over-cycle comparison: who got access added, who got it removed
- Auditor export: PDF cycle summary with full decision log
Stack
- Same Next.js stack
- CSV ingest from Okta/AzureAD/Workday
- Pandoc PDF export
Effort to ship
3 weeks for v1
Open the live Access Review Tool demo
Public, fully interactive, populated with sample data so the value prop is visible immediately. No sign-up needed — open it in a new tab and explore.