Our ISO 27001 certification underscores our commitment to rigorous access management. We follow well-defined policies and processes for segregating duties, granting and revoking access rights, and conducting regular access reviews. All access requests are registered and approved through a record management system, which also monitors and alerts for expiring data. We implement central authentication through MS Active Directory, with multifactor authentication required for roles with extended privileges. Access rights are reviewed annually.