This section requires that your organisation has a process implemented to provide users with administrative access and it also checks to ensure that you have the right segregation in place to deny the accounts from accessing day to day services such as browsing the internet or reading emails.
Your organisation should also track and review on an ongoing basis who has administrative access and if it is still required or not.