Access Reviews in P&C

Zind · ‎10-05-2022

Has anyone used the Policy and Compliance app for access review? In this case the entities will be users with access to x system. I did not think the P&C will be an audit tool but we are trying to maximize its features. e.g. create a Control Attestation to respond the access review control is in place and attach the decision as evidence. Or create a Manual Indicator to collect the respond/ evidence.

Thoughts?

Community Alums · ‎10-05-2022

Hi @Zind ,

Your First step should be Creating a Control objective and associate it with the respective Entity Type to generate the different controls having attestation being sent to the control owners like below :

And Secondly Configuring a Manual Indicator to collect the evidences.

View solution in original post

Community Alums · ‎10-05-2022

Hi @Zind ,

Your First step should be Creating a Control objective and associate it with the respective Entity Type to generate the different controls having attestation being sent to the control owners like below :

And Secondly Configuring a Manual Indicator to collect the evidences.

Sebastien Fix · ‎10-06-2022

If you have connected SN to your IAM solution, you can use automated indicators to continuously monitor the compliance of your controls.

Asking team leaders / application owners once a month if they have reviewed the access is only granted to relevant employees in accordance to their roles and responsibilities is not always provided good value; since they may not know how to monitor it correctly - or may not be in charge of managing the access to begin with. The evidence provided would therefore often be quite weak.

You can check out ClearSkye who built a dedicated IAM solution for SN to fully control this process.