Continuous access review

The quarterly access review is the audit control that everybody signs off on and almost nobody completes within the quarter. The reason is structural. The reviewer has to pull the user list from every connected app, reconcile against the HRIS, identify orphans and stale admins, send the attestation request to the right manager, chase the late attestations, and assemble the audit pack. By the time it is done, the next quarter is starting. The agent inverts the cadence. The review runs every month, the recovery ticket files itself, and the audit pack assembles continuously.

Orphan accounts, which are users still active in a downstream app whose HRIS row is terminated. Stale admins, which are users whose admin grant has not been used in ninety days. Over-provisioned licenses, which are seats assigned to users whose role does not require them. SSH keys not rotated in a year. PATs not used in sixty days. MFA enrollment gaps. The list is configurable per the customer's IT policy.

Files the recovery ticket inside the customer's service catalog with the manager's attestation request attached. The manager attests in one click. The agent runs the recovery (license reclaim, admin downgrade, key rotation, account deactivation). The audit log captures every step. The compliance evidence pack updates automatically.