Platform module
Access Review Register Software for Small IT Teams
CertPilot helps teams track who has access to which systems, review that access on a clear cadence, and produce access review evidence. The module is a customer-entered register with a Systems Catalog, matrix view, completion log, CSV import/export, and an Access Review Register PDF.
What you can track
The register keeps the practical fields needed for an IT access review process. It is not a directory connector; your team adds records manually or imports them by CSV.
Matrix view
The matrix is the review-first view. Rows are people, columns are systems, and cells show access levels such as read/view, write/edit, admin/manage, owner, custom values, or no access. It gives reviewers a fast way to see who has access to what.
Systems that are no longer in the active catalog remain visible when access records still reference them. CertPilot labels those fallback columns as not in active catalog so old evidence is not hidden or silently removed.
Entries view
Entries view is the audit and detail view. It is where teams add, edit, delete, import, and export individual access records. It is also the place to clean up specific records before completing a review.
Summary tiles
The module summarizes the register with counts for:
Systems Catalog
The Systems Catalog defines the systems that appear as matrix columns and in the Add Entry workflow. It keeps the review shaped around the tools your team actually needs to check.
Hide inactive systems from new entries
Mark a system inactive when it should no longer appear in new-entry dropdowns, while still keeping historical records visible in the register and matrix.
Guarded deletion protects evidence
CertPilot blocks catalog deletion when access records still reference that system. Access evidence is never silently deleted just because a catalog definition changes.
Completion Log
After checking the register, a reviewer can complete the review. One completion row is one immutable evidence event for the whole register. It records who completed the review, the completed date, review period, cadence, next review due date, an optional note, and snapshot counts.
This avoids the awkward workflow of marking every row as reviewed just to prove a review happened. The register remains the working data; the completion event is the sign-off evidence.
Reminder status
Access review reminder emails can be enabled from workspace settings. CertPilot can send scheduled reminders before upcoming review due dates.
Reminder delivery is idempotent for the same review due date, so the same due date is not repeatedly emailed. A separate reminder delivery history or log is not exposed yet.
This boundary does not change the access review evidence surface: CertPilot stores customer-entered records and does not inspect access inside Google Workspace, Microsoft 365, or any other private system.
Evidence reports and exports
The Access Review Register PDF is the evidence artifact for the module. It includes access records grouped for review and, when available, the latest completed review summary with completed date, reviewer, review period, cadence, next due date, snapshot counts, and optional note.
CSV import helps teams start from an existing spreadsheet. CSV export keeps the data portable. The PDF is useful for internal reviews, client evidence, management check-ins, and audit preparation without claiming certification.
Access review evidence includes
- Customer-entered access records
- Matrix and entries review surfaces
- Latest completed review summary
- CSV import and export
- Access Review Register PDF
Who this is for
CertPilot is for teams that need lightweight user access review evidence but are not ready for a large enterprise IAM, GRC, or audit management platform.
Small IT teams
Keep quarterly access review evidence organized without buying an enterprise IAM or GRC platform.
MSPs
Maintain a clear access review register for clients and bring evidence into service reviews.
Agencies
Track access to client tools, hosting, domains, CMS platforms, and shared operating systems.
Operations teams
Run a lightweight user access review process when ownership is split across managers and vendors.
What CertPilot does not do
The Access Reviews module is deliberately scoped to governance evidence support. That keeps the page honest and keeps sensitive data out of the product.
- No automatic Google Workspace or Microsoft 365 connector yet.
- No automatic company directory reading.
- No employee monitoring, activity tracking, or productivity scoring.
- No reading emails, documents, chats, files, AI prompts, or AI responses.
- No compliance certification, legal advice, or audit guarantee.
Build the access review evidence trail before the next quarterly review.
Start with a customer-entered register, review it in the matrix, complete the review, and export the Access Review Register PDF when leadership, a client, or an auditor asks for evidence.
Access reviews FAQ
What is an access review register?
An access review register is a structured record of who has access to which systems, what level of access they have, who reviewed it, what needs action, and when the next review is due.
Can CertPilot connect to Google Workspace or Microsoft 365?
No. CertPilot Access Reviews are customer-entered today. The live module does not connect to Google Workspace, Microsoft 365, HR systems, or identity providers.
Does CertPilot monitor employees?
No. CertPilot stores access records that your team enters or imports. It does not track activity, score productivity, read private content, or inspect how employees work.
What is the difference between the matrix and the review log?
The matrix is the working view for checking who has access to which systems. The review log records completed reviews as immutable evidence events, including reviewer, period, cadence, next due date, notes, and snapshot counts.
Can I export access review evidence?
Yes. CertPilot supports CSV import/export for the register and generates an Access Review Register PDF. The PDF includes the latest completed review summary when one exists.
Does CertPilot send review reminder emails?
Yes. Access review reminder emails can be enabled from workspace settings, and CertPilot can send scheduled reminders before upcoming review due dates. Reminder delivery is idempotent for the same review due date, so the same due date is not repeatedly emailed. A separate reminder delivery history or log UI is not exposed yet.
Is this a compliance certification tool?
No. CertPilot helps produce governance evidence for internal reviews, client evidence, management check-ins, and audit preparation. It does not certify compliance or guarantee an audit outcome.