User Access Reviews for Financial Services

• Principle of least privilege, which recommends minimum user profile privileges for both physical and logical access based on job necessity.

• Alignment of employee job descriptions to the user access program.

• Requirements for business and application owners to define user profiles.

• Ongoing reviews by business line and application owners to verify appropriate access based on job roles with changes reported on a timely basis to security administration personnel.

• Timely notification from human resources to security administrators to adjust user access based on job changes, including terminations.

• Periodic independent reviews that ensure effective administration of user access, both physical and logical.

Many requirements refer back to a user access review process. Access to all critical systems must be reviews on a regular basis by business lines and/or application owners. This creates a tremendous labor-intensive burden on financial companies of all sizes.

Access Auditor is the fastest and easiest solution available for automating the entire user entitlement review process. One bank with 2,000 employees was able to deploy Access Auditor and launch a web-based access review for 70 banking applications in under 2 weeks from start to finish.

To further improve the user access program, SCC’s Access Manager automates the provisioning and termination of users and their access to critical systems. Using advanced workflow automation, on-boarding and off-boarding steps can be orchestrated to occur with no manual intervention, all based upon triggered changes from HR or helpdesk teams.