This is confirmation of the approval of a manager in a position of authority over the access rights and privileges granted to the employees of an organization. There is also a periodic review of access. More concretely, this is the implementation of an automated process of reviewing access granted to different users by the responsible manager. This work is required and required by laws and regulations such as Sarbanes-Oxley, C-198 (52109) or the PCI standard, but also by all good safety management practices (ISO 27001, COBIT, NIST, etc.).
Good governance of information security requires periodic and recurring review to ensure that only authorized access is effective, that access is consistent with user tasks, that corporate Access to sensitive information of security are actually followed in practice.
Why this service and what is exceptional? Among the basic needs that make our customers appeal to us is automation. Our solution is supported by a real workflow engine (work task orchestration) that allows you to define, manage approval rules, regardless of the complexity and without any programming line. The visual interface of our workflow solution (WorkPoint Designer) allows us to set the approval rules according to the client's governance process. Additionally, this solution includes a solution for routing secure e-mail approval requests to the right manager while allowing mechanisms, tracking, sharing, collaboration, and escalation to notifications to users.
Our solution is fully ready-to-use - It's a ready-to-deploy package. All access revision workflows and their certifications, reports, exception management, secure and automated notifications, periodic access review reports are directly ready to be activated and used in a "vanilla" way and without any programming or additional component .
Another advantage of the most significant is the use of automated processes (workflows) to extract the security data and consolidate it through a large process of data-flow. This is the major challenge behind the need for customers to adopt this solution: Simply and automatically extract all the data from the different platforms, consolidate them and present them in a simple, understandable and understandable way to the manager and the 'auditor. Our solution addresses this need through a secure data collection platform (identities and associated privileges) based on CA Technologies' identity and access management infrastructure..
Among the processes available in a standard way with the application:
- User Access Certification Campaign
- Role Certification Campaign (RBAC Model)
- Privilege Certification Campaign
- Self-Certification Campaign
- Recurring campaigns
- Differential Campaigns
- Re-certification campaigns
Our access rights certification solution is available both in software package acquisition mode and in this case, our consultants will help you to parameterize the different modules of the software package according to your needs, but we also offer this service in hosted mode ( SaaS, info-cloud, our data center) or turnkey.
For further information, please contact one of our experts at : sales/@/xpertics.com