[corpospec]
Legal pillar · v0.16.0

access-review AccessReview

Periodic access-review record (per-system, per-period).

$id · https://corpospec.com/schemas/v0.16.0/access-review.schema.json

View raw JSON → ← all schemas

Fields

Field Type Required Description
cadence AccessReviewCadence yes Access-review cadence.
control_basis string yes Control reference (e.g. "ISO 27001 A.5.18 + A.8.2; SOC 2 CC6.2").
decisions GrantDecision[] yes Per-grant decisions.
due_date IsoDate yes ISO 8601 date (YYYY-MM-DD).
entity PathRef yes Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
grants_reviewed integer yes Total grants reviewed.
id PathRef yes Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
period_end IsoDate yes ISO 8601 date (YYYY-MM-DD).
period_start IsoDate yes ISO 8601 date (YYYY-MM-DD).
reviewer PathRef yes PathRef to the primary reviewer (system owner).
status AccessReviewStatus yes Review lifecycle.
system PathRef yes PathRef to the system being reviewed.
completed_at IsoDate?
evidence_ref PathRef? PathRef to evidence (export of access list, signed log).
second_reviewer PathRef? PathRef to a secondary reviewer (two-eye / four-eye sign-off).

Definitions

Shared types referenced within this schema.

AccessReviewCadence
Access-review cadence.
enum: "monthly", "quarterly", "semi_annual", "annual"
AccessReviewDecision
Reviewer's decision on a given grant.
AccessReviewStatus
Review lifecycle.
enum: "scheduled", "open", "closed", "overdue"
GrantDecision
Decision on one access grant.
type: object
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$

Reference in your YAML

# yaml-language-server: $schema=https://corpospec.com/schemas/v0.16.0/access-review.schema.json