> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# User access to Critical System should be valid

> Checks that every Twilio account maps to an active employee on your People page.

Checks that every Twilio account maps to an active employee on your People page.

## About

When you connect Twilio to DSALTA, the platform syncs your Twilio account and any subaccounts using read-only API access. On every sync DSALTA compares those accounts against your **People** page, matched by email, and activates this check when an account does not map to an active employee.

<Note>
  Twilio accounts do not carry an email address, so this email-based match often can't resolve an account to a person automatically. Use the Access list as an inventory of Twilio accounts and confirm each is owned by a current, authorized employee.
</Note>

## Why This Matters

Access tends to accumulate over time as roles change, leaving people — or shared accounts — with more than they need. Excess access to a communications platform that can send messages and place calls on your behalf widens your attack surface and breaks the principle of least privilege. Regularly validating who can reach it is a core control in SOC 2 and ISO 27001.

## How to Fix

**Before you begin**

* Ensure the Twilio integration is connected so DSALTA has the current list of accounts.

**Validate Twilio access**

1. In the **Twilio Console**, review the accounts and members that can sign in.
2. Remove or restrict anyone who is not a current, authorized employee.
3. In DSALTA, go to **Data Library → Access**, filter for **Twilio**, and confirm each account maps to an active employee on the **People** page.
4. Mark each reviewed account as **In Scope** (valid) or **Not in Scope** (to be revoked), and record the reviewer.
5. Set a recurring access review schedule (quarterly is recommended).

Once every Twilio account maps to a valid, documented owner, DSALTA sets the check status to **Passing**.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How often does this check run?">
    This check runs automatically every 24 hours while the Twilio integration is connected. You can also trigger a manual sync from **Integrations** in the sidebar.
  </Accordion>

  <Accordion title="Why does the Access list show accounts instead of people?">
    Twilio's API does not expose an individual member roster with a plain Account SID and Auth Token, so DSALTA lists your Twilio account and its subaccounts instead. Review each account's owner manually against your People page.
  </Accordion>

  <Accordion title="Can I exclude this check?">
    Yes. If it does not apply to your environment, mark it as **Not Applicable** with a justification. The exclusion is documented for auditors.
  </Accordion>

  <Accordion title="Does DSALTA change my Twilio configuration?">
    No. DSALTA uses **read-only API access** and never modifies, creates, or deletes resources. All remediation is performed by your team directly in Twilio.
  </Accordion>
</AccordionGroup>
