Draft a comprehensive access card lifecycle policy for [CompanyName] that standardises issuance, modification, suspension, and deprovisioning across [Region] sites. Define clear service-level targets—initial issuance within [SLA_Issue_Hours] hours, urgent replacements within [SLA_Issue_Hours]/2, and termination deprovisioning within [SLA_Deprovision_Minutes] minutes. Cover card types, identity proofing, approval thresholds, badge technologies (e.g., [BadgeTechnology]), visitor/contractor handling, and chain-of-custody. Include measurable controls for least privilege, dual approvals for high-security zones, and quarterly recertification.
Output format:
Executive summary (5 bullet points).
SLA table (Markdown): Process Step | Target | Measurement Method | Data Source | Control Owner.
RACI matrix (Markdown) for Security, HR, Facilities, IT, Line Managers.
Risk register (Markdown): Risk | Cause | Impact | Likelihood | Mitigation | KPI.
Compliance mapping list to relevant frameworks within [Timeframe].
Embed metrics collection methods and audit evidence types (logs, tickets, access change records) and specify escalation triggers for SLA breaches.