- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2022 02:26 PM
Has anyone used the Policy and Compliance app for access review? In this case the entities will be users with access to x system. I did not think the P&C will be an audit tool but we are trying to maximize its features. e.g. create a Control Attestation to respond the access review control is in place and attach the decision as evidence. Or create a Manual Indicator to collect the respond/ evidence.
Thoughts?
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2022 11:08 PM
Hi @Zind ,
Your First step should be Creating a Control objective and associate it with the respective Entity Type to generate the different controls having attestation being sent to the control owners like below :
And Secondly Configuring a Manual Indicator to collect the evidences.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2022 11:08 PM
Hi @Zind ,
Your First step should be Creating a Control objective and associate it with the respective Entity Type to generate the different controls having attestation being sent to the control owners like below :
And Secondly Configuring a Manual Indicator to collect the evidences.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2022 12:16 PM
If you have connected SN to your IAM solution, you can use automated indicators to continuously monitor the compliance of your controls.
Asking team leaders / application owners once a month if they have reviewed the access is only granted to relevant employees in accordance to their roles and responsibilities is not always provided good value; since they may not know how to monitor it correctly - or may not be in charge of managing the access to begin with. The evidence provided would therefore often be quite weak.
You can check out ClearSkye who built a dedicated IAM solution for SN to fully control this process.