Access controls are an assurance requirement when an organization is migrating to a SaaS provider because they ensure that only authorized users can access the cloud services and data. Access controls also help to protect the confidentiality, integrity and availability of the cloud resources. Access controls are part of the Cloud Control Matrix (CCM) domain IAM-01: Identity and Access Management Policy and Procedures, which states that "The organization should have a policy and procedures to manage user identities and access to cloud services and data."1 References := CCAK Study Guide, Chapter 4: A Threat Analysis Methodology for Cloud Using CCM, page 751