Sarbanes-Oxley (SOX) - Identity Management (User Provisioning) Integration


Identity Management and Sarbanes-Oxley (SOX, Sarbox) solutions are related in more than one way. The more traditional view looks at how Identity Management technologies can address the legislative guidelines around financial data accountability, accuracy, and auditability.
The main requirements can be summarized as "adequate internal control around financial reporting" which includes:

1. Protecting financial information

2. Controlling the accessibility of financial information

3. Maintaining auditability of the internal control process

4. Monitoring and auditing financial information accessibility in real time as well as periodically

5. Making sure that users' access permissions to financial data are added and removed in a timely manner

6. Making sure that these controls are applied to all systems associated with financial or business transactions and not only to the traditional financial systems

It is clear that Identity Management solutions, and mostly user provisioning tools, can address a few of these challenges, including numbers 2, 4, 5, and 6. However, no Identity Management solution is capable of solving the main problems associated with financial controls, which include resolving Segregation of Duties (SoD) conflicts, analyzing potential SoD conflicts in real time before provisioning new roles, and providing mitigating controls for existing violations.

Are Sarbanes-Oxley compliance tools and Identity Management solutions competitive or complementary?

We think they are complementary and here is why:

  • SOX tools are good for analysis, user provisioning tools are good for process management - Once the analysis phase is completed, new roles and access permissions should be provisioned to the users. These provisioning processes normally involve complex approval and notification phases, and access to multiple target systems in order to create, modify, or delete the required roles. The SOX compliance tools are very good at role and SoD analysis, but are weak at functions such as workflow management, reverse synchronization, and integration with multiple target systems. Developing these capabilities into the SOX tools can prove to be expensive, lengthy, and painful. However, these functions are natural to user provisioning solutions and can be easily and quickly deployed.
  • Return on investment (ROI) - Sarbanes-Oxley (SOX) projects cost a lot and generate no return on investment (ROI). User provisioning projects cost less and deliver real-world business value and ROI. Combining the two projects creates a situation where the SOX compliance costs are reduced and, thanks to the automation introduced by the user provisioning software, the organization starts to see a return on investment (ROI) and is able to address its critical compliance issues.

IDFocus has delivered large-scale projects such as these. Shown below is a high-level functional flow diagram. To learn more, contact us.





Copyright © 2005 IDFocus