Weblog

Wednesday, 01 July 2009

  • Sarbanes–Oxley SOX Compliance Management and Identity Access Management(IAM)...

    Common Repository..
    •    Build an Identity Access Management(IAM)(common repository) within the SRM tool to load the application security extracts with user entitlement data for Sarbanes-Oxley(SoX) critical applications.
    •    Recreate the Business-Unit hierarchy structure at client within the Sun Role and Compliance Manager (SRM) tool to define and display 40000+ User-Manager relationships with the organization.
    •    Maintain records for 350k+ users with access to financially critical transactions across the different platforms and applications.

    Simplify Certification Process..
    •    Automate and enhance Identity Certification and Identity Audit [Segregation of Duties] module to perform certifications of user access to financially critical transactions across multiple applications.
    •    Certify users’ access based on roles where available and application security setting definitions in all other cases.
    •    Certify accesses of 350k+ users distributed across 40000+ business units with more than 100k accounts with access to high risk transactions
    •    Ensure certification takes place within 60 days
    •    Ensure Segregation of Duties is defined and implemented, and continuous monitoring of users' transactions is available

    Miscellaneous..
    •    Perform clean up of orphaned accounts (system and user) identified during the data loading phase for various applications by associating the orphan accounts with appropriate data owners.

    Solutions..
    The latest version of SRM v4.0.1 with enhanced features was implemented by the Simeio Solutions consultants to help the client achieve their Certification and Audit goals. The enhanced AJAX UI Interface, administrative dashboard, advanced Business Unit - Users correlation and an enhanced Identity Certification and Audit module provided by the new version made it an ideal identity management solution to meet audit requirements.

    The data import process for building the Identity Access Management(IAM) for the 350k+ users and their hierarchical entitlement data was completed by utilizing the ability of SRM to automate and schedule the import of users, accounts and glossary (business descriptions for the entitlements).

    About Us..
    Simeio Solutions is a professional services and management consulting company with a strong collective background in implementing Identity and Role Based Access Control solutions, supporting Fortune 1000 clients.

    We offer a unique perspective, utilizing leadership team experience and best practice knowledge which was gained while on the client side of multiple identity management implementations. Our clients appreciate this perspective. They find that it adds substantial value when defining their own sustainable operations processes, developing roll out plans and building collaborative successful project teams.

Friday, 26 June 2009

  • Identity Access Management(IAM), Identity Certification, SoX Compliance Management By SimeioSolution

    Solutions •••
    The latest version of SRM v4.0.1 with enhanced features was implemented by the Simeio Solutions consultants to help the client achieve their Certification and Audit goals. The enhanced AJAX UI Interface, administrative dashboard, advanced Business Unit - Users correlation and an enhanced Identity Certification and Audit module provided by the new version made it an ideal Identity Access Management(IAM) solution to meet audit requirements. The data import process for building the Identity Warehouse for the 350k+ users and their hierarchical entitlement data was completed by utilizing the ability of SRM to automate and schedule the import of users, accounts and glossary (business descriptions for the entitlements).

    The certification module implemented ensured that access to sensitive application data is only provided to users with a valid business need. The two-stage enhanced Certification module implemented at the client verified that the users were reporting to the appropriate managers and in cases of users transferred to new managers/departments and terminated users, reports were generated and sent to the business to reassign them to the current managers. The updated data was reloaded in the SRM tool and new certifications sent to the correct managers. In parallel to implementing the Identity Certification module to review user access at client, SRM was used to address immediate needs to perform Segregation of Duties (SoD) analysis on SoX Compliance Management critical applications to meet client’s audit requirements. Overall close to 200+ SoD business policy conflicts were mapped in the tool and 350k+ users were scanned for SoD violations.

    Outcome •••
    *    10000+ certifications based on users’ access to high risk transactions across applications successfully sent out to the 15k+ business unit managers and entire recertification process for certifying 100k+ user accounts was completed within a 60 day timeframe
    *    Performed mass clean up of unidentified/orphan/terminated accounts by achieving remediation of 200K+ financially critical transactions across the various applications
    *    SRM functionality was used to generate certification reminder and escalation emails to managers to ensure the certification completion deadlines were met
    *    60k+ user accounts across various applications which were identified as violating the SoD policies were assigned to appropriate remediators to act upon and detailed reports for these SoD violations were generated and sent to application owners and management.

    Key Benefits •••
    Automation of the user access certification process as opposed to the traditional manual certification process was successfully accomplished. Simeio Solutions consultants conducted knowledge transfer sessions in order to ensure that the client team was thoroughly acquainted and aware of product functionality and usability. Customized reports were developed based on client requirements and the same were made available to the management and application owners, and this helped the client achieve detailed transaction level remediation for their financially critical applications. In addition, it also provided management with a consolidated view of the entire certification process while standardizing and documenting it.

Monday, 22 June 2009

  • Identity Certifications, Identity Audit, SRM and Compliance Management..

    Prior Certification Process

    The process in place at the customer’s prior to the implementation of the SRM was a manual one. It was a home-grown application where the Managers had a timeline by which they had to certify the users within their Business Unit. The process was slow and cumbersome since the User Certifications had to be reconciled by the administrator and manually processed to generate the reports. Moreover, if a Manager specifies that a user does not belong to his BU, the user is removed and becomes an orphan until the admin re-assigns the user. In this manner, the user ids get disconnected from the user on the go without any admin intervention.

    Requirements

    •    Central repository to import users from different applications for certifications
    •    Only user info within the Identity Certification tables to be affected when user is tagged as unknown by a specific BU Manager
    •    Changes in access to a parent namespace should reflect on its dependent applications
    •    Generate customized reports to view status of user and accounts certifications based on several criteria
    •    Comprehensive label changes to meet internal nomenclature conventions

    Solutions

    Simeio Solutions introduced the Sun Role and Compliance Manager (SRM) version 4.1.4 to meet the client’s requirements. During the roll out and implementation process, there were comprehensive changes and customizations that were made, and detailed documentation on these was prepared and provided for the client’s use. With the latest version, the client reaped the benefits of getting the customized module, ideally suited to meet their specific internal certification standards. With automated user imports to the central repository within SRM called the Identity Warehouse, the customer was able to group all users and perform a simple and automated user certification.

    The solution was carefully designed and customized based on daily meetings with the client’s internal team. This hands-on approach provided the client’s internal resources with advanced knowledge on the SRM solution while also ensuring that the solution delivered met the needs of all the stakeholders involved in the certification process.

Monday, 01 June 2009

  • Sarbanes–Oxley(SOX) Compliance, Segregation of Duty(SOD), Identity Management(IDM) and RBAC..

    The client utilizes a multitude of IT applications across various platforms in order to meet the IT requirements of thousands of employees spread across the enterprise. The client needed a tool which could facilitate communication between Business and IT allowing business to understand cryptic looking entitlements while allowing IT to get perspective on business needs. In situations like this, meeting Sarbanes – Oxley (SOX) Compliance can present a perplexing challenge requiring significant investment of time, human resources and financial capital. The client was quick to identify the need for an Identity Management solution to address their business needs and provide them an answer to the fundamental “who has access to what” question.

    The manual certification process used by the client was an intensive process and required significant resources to complete. While the client did have their own system in place, there was no standardization and implementation was an arduous task. Additionally, depending on the application and platform in question, sub sets within the system had been created thereby making the task of certification increasingly complex. 

    The client selected CA’s Identity Manager (IDM) and Single Sign-On (SSO) along with Sun’s RBACx (now known as Sun Role Manager) in order to address its Identity Management needs. Over a series of meetings with application owners and client’s compliance team, the process of assignment of access to users was clarified, and SOX critical systems and SOD violations were identified. RBACx’s capabilities were used to centralize reporting, perform user access certification, and schedule periodic scanning for Segregation of Duty (SOD) violations, thereby helping the client to achieve SOX compliance. Additionally, the concept of incremental certifications was introduced, whereby following the initial cycle, managers would only have to certify users whose accesses had changed. Furthermore, the process of certification was standardized and documented, and the client IT team was brought up to speed regarding the process and core functionality of the product.


    Simeio Solutions is a professional services and management consulting company with a strong collective background in implementing identity and role based access control solutions, supporting Fortune 1000 clients. We offer a unique perspective, utilizing leadership team experience and best practice knowledge gained at the client side of multiple identity management implementations. This perspective is appreciated by our clients as it adds substantial value when defining their own sustainable operations processes, developing roll out plans and building collaborative successful project teams.

Friday, 22 May 2009
