Access Right Management is a Business Process
Did you know that...
the most common reason for starting an IdM project is GRC (Governance, Risk, and Compliance)?
The access rights management process is closely involved with identity life cycle management and it should be based on correct, complete, and up-to-date identity information. Usually that information can be gathered from the HR system or another master data system. When the basic information is correct and up-to-date, it is time to define how the access rights process will meet the needs of the business activities.
Start with Business Needs
- Identify the organization's requirements for information security (e.g. SOX, BASEL). Business rules should define how access control is managed, i.e. who has access to particular information and systems within an organization, ensuring an employee’s access only to proprietary information that he or she requires to perform assigned responsibilities.
- Identify information to be protected (the nature of the information, the form of the information, and where it is located).
- Define and describe the key processes for access rights management and pay attention to the following factors:
- Requesting, approving, and granting access rights.
- Changes in access rights (changes in employment relationships, up-to-date superior-worker relationship).
- Access rights management of leaving employees.
- Access rights management of short-time employees and extending their access rights.
- Regular surveillance and matching of access rights.
- Exceptional cases (long-term absence, substitute arrangement, specific situations).
After describing the key processes it is time to take the next step and define the workflow of access rights management.
Contact Us for Further Information
Marketing and Sales Director
+358 500 726 714