Audit and Assurance

Expand all | Collapse all

Access Review tool

  • 1.  Access Review tool

    Posted 16 Aug, 2019 14:15
    ​Hi,  I am looking for ways to improve our access review process.

    We use a lot of manual effort to prepare access review from pulling the data and getting review from the business.  We use SharePoint to upload the user listing where Manager perform the review.  If anyone willing to share, how access review is organized ? what tools do you use or you know is good, is the tool integrate with the ERP or it is a manual upload, how do you determine which application need to be in scope for access review?

    Thank you.
    Audry

    ------------------------------
    Audry

    ------------------------------


  • 2.  RE: Access Review tool

    Posted 19 Aug, 2019 07:25
    ​Hi Audry

    We had the same issues and have recently introduced Microfocus' "Identity governance".  There you can add a lot of various sources (AD/LDAP, DB-Interfaces etc.) to get the users and the permissions. in the tool itself you coud define reviews (recertifications) of all kinds, define risk levels for the permissions, perform role mining and build business roles. There is even sort of a workflow functionality to request access (but not used by us). I'm seeing it as a good way to slowly head to  a fully fledged IAM / IDM. It can be fully integrated in the NetiQ/Microfocus IDM (the former Novell IDM). So in the end we will have someday quite an automated process for joiner / leaver / movers and for the reviews connected to it.

    I know some that went the other way round. First introduce an IAM, then use the review module which is usually contained in a comprehensive IAM. But we are too small yet for a full IAM-approach.

    Regards
    Fabian


    ------------------------------
    Fabian Wuest
    Head Security
    ------------------------------



  • 3.  RE: Access Review tool

    Posted 28 Aug, 2019 14:39
    Following, we have the same problems. The manual process could potentially introduce the most classic problem : human error​

    ------------------------------
    Henri Adi
    IS Compliance Analyst
    ------------------------------