Banking client was seeking the completion of recertification tasks to achieve external audit compliance. Repeat findings and escalation items were noted and required immediate responses.
Recertification of critical, second, and third tier applications were completed with the addition of the implementation of interim procedures to precede technology implementation tasks.
Significant success noted related to the establishment of repeatable recertification tasks and the completion of certification activities. This success eliminated all open audit findings and provided the baseline for the technology solution in progress to replace manual activities. This success also provided the procedural strategy and solution path to fast track implementation activities and reduce the timeline for implemented technology.
Global pharmaceutical company was looking to define an undefined global IAM and GRC program (including compliant role provisioning as a critical component). The organization was unable to utilize the existing SAP and supporting application role design due to significant SoD violations and lack of formalized business requirements to establish a fundamental role based solution. This contributed to a breakdown of support procedures resulting in outages, delays, and compliance fines.
A current state assessment of all manufacturing facilities, provisioning, and compliance processes was necessary to establish the starting point for remediation efforts. The team defined the global IAM process and technology framework necessary to develop a new global role design facilitating compliant provisioning, a sustainable technology and procedural solution, elimination of confusion and penalties, delivery of a new role design to support definition and automation, zero unmitigated violations, and a sustainable solution that reduced support timelines.
Manageable solutions resulted in the organization achieving all compliance goals, eliminated unmitigated risks, and increased user satisfaction for entire program.
Deploy a global SAP solution utilizing a multi-phased deployment plan with a new role structure, support program, and compliance plan to ensure continuous monitoring, and zero unmitigated provisioning assignments (with full automation).
Solution included a compliant design, enhanced process and procedures for deployment and ongoing support, and a roadmap for continued efficient deployments.
Global design increased the speed of configuration and deployment, team was able to meet and exceed compliance expectations through automated mechanisms, and increase support for end-user community.
Client was seeking to complete an exhaustive review of their IAM program including process and technology solutions to determine a sustainable and compliance future state. Global operations with multiple existing technologies, frequent acquisitions, significant manual procedures, and difficult compliance activities demanded a deep understanding of the current state with a roadmap for the future.
An exhaustive review of the current state was executed to provide a roadmap of immediate items for resolution, accurate risk ratings per line of business and process area were provided for individual business owner accountability and future state implementation, and executive findings to depict an accurate status for clarity around true risk positioning. The overall solution provided the path for the future to enhance IAM procedures, technical modifications, and overall risk mitigation.
The client was able to determine a plan for the future, mitigate high-risk findings, and begin strategy discussions to realign existing implementation to the overall program strategy. With increased visibility, critical compliance and risk issues were able to be addressed.
Client was looking for perform Security Analytics and an evaluation of the Identity Program, Infrastructure Design, and Risk Management program to understand weaknesses and potential action plan for process or technical remediation.
A fast track review of the infrastructure and standard application inventory resulted in the completion of a current state assessment, roadmap of future technology and configuration recommendations, and modifications for the current security analytics configuration/ monitoring/ logging set-up. This greatly improved SA configuration set-up and results from the Analytics program, establishment of a risk management program, and the establishment of the framework for an IAM program with the roadmap for the enhancement of existing technology.
Client was able to restructure SA architecture to deliver meaningful results, increase focus on the delivery of the right information for the Security, Compliance, and Identity programs, and begin to report an accurate risk depiction across the leadership team.
Client had several concerns stemming from a non-compliant and non-maintainable security design and was seeking support to redesign the application. A new efficient design was requested to provide a maintainable solution for users and administrative staff.
After reviewing operations and security procedures, a new design was implemented to provide a useable solution to the client and application changes were made to support basic compliance objectives. Cross facility manufacturing access was eliminated and display only access was provided to support inquiries for the appropriate user community.
Users were able to request and receive role assignments efficiently and effectively with administrative support. Basic compliance objectives were also met to increase comfort with the application and user access levels while also eliminating high-risk access concerns.