After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?
A. Time-of-day restrictions
B. Change management
C. Periodic auditing of user credentials
D. User rights and permission review