Result

Access Control Process

- The major weakness of the company in this area is their lack of background checking and
evaluation for their new employees. Although it's excellent that the company puts such a high
value on employee trust, doing a background check is crucial still because these workers will be
in charge of managing confidential customer information. If the business keeps skipping the
background checks, they could recruit someone who has bad intentions and the potential to really
harm the business. I advise conducting background checks and evaluation on all new and existing
workers to reduce this risk. The fact that the business does not have a record of the access request,
or if permission is kept, the system does not record the date when access was given, is another
criteria or weakness in this category. Without this data, it is very hard to guarantee that staff
members are complying with the proper process when it comes to access requests. Our team
recommendation to reduce the risk is to implement a new feature in Critical that records access
requests and permissions along with the time and date they were made and approved.

- The first strength in this area is the procedure the company has put in place when staff members
ask to access Critical. An end user must first submit a request for access to the Critical system to
his or her supervisor. The end user's authorization and the appropriateness of the requested access
will then be acknowledged by the supervisor to the administration office for Critical. By doing
this, the risk of the end user doing whatever they want to take advantage to the Critical is
reduced. Another advantage or strength is that the company uses access deprovisioning, which
allows management to disable an employee's access to the system when they leave the
organization. This action stops any undesirable individuals from entering the system and
engaging in harmful actions.

Process Flow

- The absence of recording and monitoring when it comes to inputting data into the Critical system
is the organization's weakness in this process. Both sales team members and sales managers have
access to the system where they may enter data relevant to their specific clients, so they can add
new clients independently and are rewarded quarterly based on the number of new client accounts
they generate. However, the sales staff's data entry is unmonitored, so any member of the team
may be making up accounts to claim the bonus. In order to ensure that the customers entering the
system are real and not just troll accounts, it is recommended that a controller and supervisor be
placed to safeguard and monitor the customer data.

- A strength in this area is the Critical system's capacity to verify newly entered customer data to
ensure there are no duplicates and identify the account as "new" so anybody with access to that
customer is aware that they are a new client and not an established one. Another benefit in this
regard is the system's capacity to keep track of the quantity and location of each StellenTEK
health supplement sold. The daily inventory is refilled as required, and there is a division of labor
among different divisions. Every day, managers may obtain a summary of the items sold and the
location utilizing the corporate data warehouse.