Regulatory Compliance and Access Governance
Identity Compliance and Audit
CxOs need to know that reliable, auditable controls are in place to safeguard access to sensitive data and critical systems. But the high cost and complexity of identity-related compliance has forced C-levels to assume unacceptable levels of risk by limiting their "circle of compliance" to a subset of critical applications, i.e., "what we can afford" and "what we have time to do" vs. "what we need." Fischer Identity Compliance reduces compliance costs and mitigates the risk of adverse findings by simplifying recertification and by revealing your exact position related to user access and separation of duties controls for Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley (GLBA), FERC, Family Educational Rights and Privacy Act (FERPA), PIPEDA, and other regulations. You and your auditors can now quickly and confidently attest to the integrity of your internal controls over access to financial, personnel, and other key systems.
Problem: Organizations of all sizes must comply with a variety of regulations related to user access to IT resources. Complying with regulations and preparing for audits is costly: auditors demand proof of compliance and audit procedures dictate that organizations that have difficulty answering initial questions are asked even more questions, thereby increasing the time and expense of audits. In addition to requiring historical records for who could access each resource, regulations typically require proof of procedures and proof of controls regarding who can access each resource.
Solution: Identity Compliance can be deployed standalone or combined with other modules to automate preventive, detective and corrective controls, enforce business policies and avoid weaknesses and deficiencies in information technology general controls. Organizations can choose from a variety of capabilities depending on their compliance objectives.
When deployed standalone, you can quickly and cost-effectively validate the integrity of user access controls by performing compliance assessments and recertification. Assessments are based on the actual user, system, account, and entitlement information in your environment. At a minimum, this module will track and report changes in identity and access information between assessments.
When combined with other modules, Identity Compliance can also detect compliance violations related to password policies, as well as enforcing separation of duties (SoD) and the authorization of resources, including highly-privileged and shared accounts.
Benefits & Capabilities
- Validate and enforce user access to financial records, protected health information (PHI) and other sensitive information for compliance with SOX, GLBA, PIPEDA, FERPA, etc.
- Simplify audit preparation and enable auditors to quickly validate compliance
- Quickly prove "Who has access to what, who approved it, and when" (present)
- Quickly prove “Who had access to what and when” (historical)
- Identify policy violations and discrepancies (e.g., Separation of Duties exceptions) on all connected systems
- Recertify user access including recertification approvals through your chain of trust
- Identify account and entitlement changes on connected systems since the previous assessment
- Prove that your user access controls comply with regulations
- Detect non-compliant conditions and alert appropriate personnel
- Utilize preventive, detective and corrective controls
- Automatically track the activities performed by all Fischer solutions
- Match accounts to users and report “orphan” accounts
- Report results using out-of-the box reports, create custom reports or export to reporting tools like Crystal Reports
- Your choice of procurement model: Cloud or on-premise
For additional information on how your organization can benefit from Fischer Identity, please contact Fischer International Identity at +1 (239) 643-1500, or contact us through this website.