Certifications

Security is a process, not a product.We need to reduce the risk associated with unauthorized access with Compliance Certification. As the number of users grow,their access needs to be changed, your business may be compromised by users with inappropriate access rights.

An Identity and Access solution should make it easy to initiate certifications, and should provide simple, efficient processes for business managers and resource owners to perform them. In this context “resource owners” are line-of-business and IT staff responsible for managing access to applications, databases and IT services. The solution should be able to support both comprehensive certification efforts (e .g. certifying access for all members of a department) and micro-certifications (certifying access for a single employee after a policy violation is detected).

Certifiers should be able to assess exactly what access is available to current users. They should be able to accept and reject individual instances of access rights, perform additional research, and reassign certifications to another appropriate manager or resource owner. The system should give certifiers visibility into issues like excessive access rights and the violation of separation of duties and other policies.