Access Reviews in P&C

Zind
Tera Contributor

Has anyone used the Policy and Compliance app for access review? In this case the entities will be users with access to x system. I did not think P&C would be an audit tool, but we are trying to maximize its features, e.g. create a Control Attestation to respond that the access review control is in place and attach the decision as evidence. Or create a Manual Indicator to collect the response/evidence.

Thoughts? 

1 ACCEPTED SOLUTION

Community Alums
Not applicable

Hi @Zind ,

Your first step should be creating a Control Objective and associating it with the respective Entity Type to generate the different controls, with attestations being sent to the control owners, like below:

[Image: SandeepDutta_0-1665036528106.png]

And secondly, configuring a Manual Indicator to collect the evidence.


2 REPLIES

Sebastien Fix
Giga Guru

If you have connected SN to your IAM solution, you can use automated indicators to continuously monitor the compliance of your controls. 

Asking team leaders / application owners once a month if they have reviewed that access is only granted to relevant employees in accordance with their roles and responsibilities does not always provide good value, since they may not know how to monitor it correctly - or may not be in charge of managing the access to begin with. The evidence provided would therefore often be quite weak.

You can check out ClearSkye, who built a dedicated IAM solution for SN to fully control this process.