The ‘GARANCY Recertification Center’ offers a web interface that empowers companies to check the access rights of their users and to define key users who may recertify or revoke assigned rights and roles.
Recertifying access rights
Increase the security and accuracy of recertifications
User and role recertification – Upholding the ‘least privilege’ principle.
Ensure that users only have the access rights they actually need!
Always keep your roles up to date and check them regularly.
As a manager, you can confirm on a regular basis that your team members still require the access rights that were assigned to them.
Personal liability of managers: Seamlessly document that you are meeting all IT compliance provisions.
Benefits of performing regular recertifications of access rights and role
Improved security
Increasing security: Often, inside jobs are the primary cause of a company’s data loss and frequently the duration of the security breach is unknown.
No ‘alibi recertifications’
Quite often, managers perform bulk recertifications without actually taking a close look at the details. Reasons for this may include high workloads, limited time or a lack of insight into the current status of access rights.
Compliant processes
The entire recertification process becomes auditable and can be implemented in a compliant manner across the company.
High degree of transparency
Being aware of the importance of access rights and roles: Many managers do not understand the purpose of individual access rights, or they need to sift through large spreadsheets or other confusing data outputs when performing a recertification.
Suitable recertification tools
The GARANCY Recertification Center delivers tools that cover all audit requirements and provide information needed to confirm the completeness of recertifications.
Protection of employee and customer data
Due to the ever-rising risks posed by cyber crime and increasing regulatory requirements (introduced by, for example, the ECB, Basel 3, ISO 27001, PCI DSS, Solvency 2, Sarbanes-Oxley) and internal audit requirements, guaranteeing data security and privacy requires that companies regularly monitor user’s access to resources.
Product Details
Optimized to Meet Corporate Requirements
- Recertification of access rights and roles with an intuitive browser interface for internal and external users
- Status line provides continuous recertification progress information including details such as due date, brief description, revoked & recertified access rights as well as time frames
- Views down to individual users, departments, roles and comparisons across multiple tables: all, new, released, denied or pending recertifications
- Assign substitutions or delegations for each workflow; automatic security checks to confirm suitability and conformity according to the delegation rules defined in the IAM engine. Marking, notification and reminder function
- Events are consistently logged, and progress is archived: completed/open tasks, actions performed by users, owners of resources, groups, roles or authorizations, releasers, auditors…
- Rapid recertification and automatic ‘out-of-the-box’ de-provisioning after completion of the recertification campaign
Individually configurable
- Simple workflow configuration of automated recertification processes.
- Create recertification campaigns in a snap – based on organizational units, job titles or risk evaluations.
- Set up scheduled recertification campaigns or ad-hoc campaigns.
Flexible & Compliant
- The portal has been optimized for use on a desktop or a tablet and other mobile devices.
- The scope of delivery includes comprehensive audit analyses, and the tool supports audit requirements and confirmations of conformity.
- Internationalized Unicode-based solution supports various date formats and time zones.
