Delta Reviews
Last updated: October 7, 2024
Background
Tired of reviewing the same accounts in detail every quarter? Want reviewers to focus more on recent updates rather than getting overwhelmed by the volume? Fed up with the hassle of piecing together past assessments?
Introducing Delta Reviews by Lumos — your solution for managing access reviews efficiently at scale. With Delta Reviews, you're guaranteed to complete your routine access verifications on schedule, every time. Say goodbye to repetitive tasks and hello to streamlined processes that keep you focused on what's changed, not what hasn't.
How it works
View Updates to users and permissions
Delta Reviews highlights all relevant changes to an application since the last time it was reviewed. Lumos always compares the current access review to the most recent access review of the same type (accounts-first or permissions-first).
In an accounts-first review, the [New] tag flags any accounts that were not in the previous review. This can be for one of the following reasons:
New user added to the application
New user included in the scope of the review
This will be identified by a Change icon detailing the change in scope that now includes these accounts
The Changes modal allows you to easily view the number of changes and details of those changes including:
User-based changes such as a change to team, title, or any custom user attribute brought into Lumos (e.g., office location, etc.).
Permission-based changes such as any new permissions granted to an account
Review-based changes such as any accounts rejected or modified in the last review; or any accounts previously not included in scope of the review.
Similarly, in a permissions-first review, you can identify new accounts AND permissions with the [New] tag.
See Review History
Maintain context from previous review decisions
Click the time icon to see a history of the most recent (up to 5) review decisions including past review decision, auditor notes, past reviewer name and timestamps.
Filter to Accounts with Changes
Streamline your reviews by filtering to accounts with or without changes.
Let's say you start by filtering to accounts without changes.
Filter to Accounts Without Changes: Begin by isolating accounts that haven't undergone any changes since your last review. This list will include all accounts previously approved in the most recent access review.
Quick Review: Since these accounts have been reviewed before, you can quickly go over them again.
Bulk Selection and Approval: After reviewing, bulk select these accounts for approval. Feel free to leave notes for the auditor as necessary.
Focus on Accounts With Changes: Shift your attention to accounts that have experienced changes. Conduct an in-depth review of these to ensure they meet your criteria.
Alternatively, you can filter to accounts with changes and start with an in-depth review of those changes. Then bulk approve the accounts without changes after a quick review.
Scope Reviews to Accounts with Changes
Streamline your reviews by just reviewing accounts with changes
You now have the option to completely remove any accounts without changes since the last review from your quarterly user access review.
This removes any accounts that were approved in your last access review.
FAQs
What is the basis for comparison in Delta Reviews?
Delta Reviews use the most recent access review of the same type for comparison, regardless of when it was conducted. This ensures a relevant comparison between accounts-first and permissions-first reviews. The comparison review's timestamp is clearly displayed in the Changes modal for transparency.
Note: These comparisons are not limited to duplicated/recurring reviews.
What types of changes are flagged in a Delta Review?
Delta Reviews flag:
User-based changes: Changes to team, title, and any custom user attribute in Lumos (e.g., office location).
Permission-based changes: New permissions granted to an account
Review-based changes: Accounts rejected or modified in the last review, including those not previously within the review scope.
Note: Removals of permissions where the account had all other access approved are not flagged.
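The flagging rules listed above can be sketched as a comparison of two review snapshots. This is an added example, not Lumos code: the `Account` record, the `delta` and `scope_to_changes` functions, and the sample users are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Account:
    attrs: dict             # team, title, custom attributes (assumed shape)
    permissions: frozenset
    decision: str = ""      # decision recorded in that review, if any

def delta(previous, current):
    """Return {user: [change, ...]} for the current review vs. the previous one."""
    changes = {}
    for user, now in current.items():
        before = previous.get(user)
        if before is None:
            changes[user] = ["[New] account not in previous review"]
            continue
        found = []
        for key in sorted(set(before.attrs) | set(now.attrs)):
            old, new = before.attrs.get(key), now.attrs.get(key)
            if old != new:
                found.append(f"user: {key} {old!r} -> {new!r}")
        for perm in sorted(now.permissions - before.permissions):
            found.append(f"permission: granted {perm}")
        if before.decision in ("rejected", "modified"):
            found.append(f"review: {before.decision} in previous review")
        # Removed permissions are deliberately not reported (see the note above).
        changes[user] = found
    return changes

def scope_to_changes(changes):
    """Users that remain when the review is scoped to accounts with changes."""
    return sorted(user for user, found in changes.items() if found)

# Constructed sample snapshots of two accounts-first reviews.
PREVIOUS = {
    "ana": Account({"team": "Finance", "title": "Analyst"}, frozenset({"read"}), "approved"),
    "bo": Account({"team": "Eng", "title": "SRE"}, frozenset({"read", "admin"}), "approved"),
    "cy": Account({"team": "Eng", "title": "Dev"}, frozenset({"read"}), "rejected"),
    "di": Account({"team": "Ops", "title": "Lead"}, frozenset({"read"}), "approved"),
}
CURRENT = {
    "ana": Account({"team": "Sales", "title": "Analyst"}, frozenset({"read", "export"})),
    "bo": Account({"team": "Eng", "title": "SRE"}, frozenset({"read"})),
    "cy": Account({"team": "Eng", "title": "Dev"}, frozenset({"read"})),
    "di": Account({"team": "Ops", "title": "Lead"}, frozenset({"read"})),
    "eve": Account({"team": "Eng", "title": "Dev"}, frozenset({"read"})),
}
CHANGES = delta(PREVIOUS, CURRENT)
```

In this sample, `bo` lost a permission and `di` is unchanged, so both have an empty change list and drop out of a review scoped to accounts with changes.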
Why do some users appear as [New] in a Delta Review?
The [New] tag indicates access that wasn't reviewed in the last access review. This could be due to:
New users added to the application.
Accounts newly included in the review scope.
New permissions granted to existing users (This displays a [New] tag in a permissions-first review but just appears in the Changes modal for an accounts-first review)
When will changes flagged from Delta Reviews start appearing in our access reviews?
Changes flagged from Delta Reviews will be available for all access reviews created after Lumos activates this feature for your domain, starting Friday, March 28, 2024.
How do Delta Reviews impact my compliance requirement to review all accounts every quarter?
Delta Reviews do not alter the scope of your compliance review process. You must still review all accounts as per your quarterly compliance requirements. However, Delta Reviews enhance visibility into significant changes since the last review and allow for filtering to easily view these changes.
Can I limit the scope of my review to accounts with changes?
Yes, you can focus your review on accounts with changes, bypassing accounts reviewed in the most recent access review. This scope setting will be stated in your compliance report PDF. This streamlined approach is particularly useful for subsequent quarterly reviews, enabling a more efficient review process without compromising thoroughness or compliance.