Data access (German: Zugriff) is a BSI IT-Grundschutz term for the ability to read, write, or execute data and functions within a system. It is distinct from logical access (Zugang/login) and physical access (Zutritt). In an ISMS, you control data access through authorization concepts, role-based access models (RBAC), and the principle of least privilege. Access rights should be reviewed regularly, especially when roles change or employees leave. ISO 27001 Annex A.8.3 requires restriction of information access.