Identity Certification
Periodic Review - Who has access to what?
• Quick Wins:
– Improve Re-Certification Process (Manual à Automated)
– Foundation build up for centralized Identity Store
– Periodic Review and Centralized Reporting for SOX Applications
• Deliverables:
– Identity Warehouse Build up for 10 Applications, 500 Users
– Launch Certification process for Managers / BU Owners
– Review Access, Certify Online and generate on-demand reports
• Timeline:
– 3 Weeks
Role Definition RBAC Model – Role Engineering
• Quick Wins:
– Improve Access Request Process based on ROLES
– Foundation build up for centralized Identity Store
– Demonstrate RBAC Model to Auditors and Exec Management
• Deliverables:
– Production Ready Roles for the business units
– Identity Warehouse Centralized Repository for 10 applications, 500 Users
– Lead to Identity Management Solution
• Timeline:
– 4 Weeks
Identity Auditing Segregation of Duties [SoD’s]
• Quick Wins:
– Remediation of entitlement exceptions for up to 10 applications.
– Identification of any existing segregation of duty conflicts and entitlement exceptions.
• Deliverables:
– Identity Warehouse Build up for 10 Applications, 500 Users
– Continuous Monitoring of SoD Exceptions
– Generate Audit Reports for Exceptions
