General
- What are the audit and reporting capabilities of the solution related to user management?
- Do you have an identity and access management policy in place?
- Are factory default account details been changed?
- Do you monitor and review access attempts?
- Is access role based depending on the employee's function?
- Do you allow multiple employees to use the same login?