Compliance | By Solutions | Your needs | IPG - Experts in IAM (Identity and Access Management)

Compliance IAM

The number of regulations and requirements placed on financial institutions is enormous and highly demanding. As a whole, they range from the Federal Data Protection Act to the MaRisk requirements of the Federal Financial Supervisory Authority (BaFin) and the corresponding requirements of the Financial Market Supervisory Authority in Switzerland (FINMA), the Financial Market Supervisory Authority (FMA) in Austria, and the Financial Market Authority in Liechtenstein (FMA). Among other, these include checks on IT system access authorisations, whose relevance to the financial sector can hardly be overstated. Financial institutions must verify said IT authorisations on a regular basis, and define a process for the assignment thereof. Furthermore, it must be ensured that employees only have the rights that they are entitled to according to their respective activity and function within the company.

Challange

The challenge of authorisation verification

In day-to-day work, checking of and strict compliance with these requirements presents a serious challenge. Therefore, companies require effective tools to support all aspects of user and authorisation management.

Continuous checking of access authorisations and IT authorisations and enforcing the "need-to-know" principle
Preventing authorisation abuse or misallocation
Proof of a complete application system for authorisations
Involvement of specialist departments in the authorisation re-certification process

Use

Quickly deployed: With IPG's Compliance IAM solution, you can automate the most important authorisation checks within 3-5 months and meet the compliance requirements of regulatory authorities.

Modular design: The Compliance IAM solution can be upgraded to a fully-fledged IAM at any time. The full version offers automation of all employee and authorisation management processes, even more comprehensive reporting and a portal with self-service for employees.

Upon request, you can enjoy Compliance IAM as a fully-managed service at fixed monthly costs. IPG installs, configures and operates the solution in the customer environment according to customer-specific specifications. Of course, conventional on-premise delivery is also possible.

Features

IPG's Compliance IAM solution offers out-of-the-box all necessary functions to meet compliance requirements based on the functionality of a standard IAM solution.

Reporting

Authorisation analysis
Time Trace (analysis of rights over time)
Analysis of authorisation sources (roles, purchase orders,...)

Segregation of Duties (SoD) & corporate policy

Rule definition for sensitive authorisations or import of existing rule sets
Definition of mitigation processes (e.g., exceptions, notifications, etc.)
Establishment of preventive and detective controls

Certification and re-certification

Certification of status or status change
Re-certification: forced time attestation including specific and focused reports on escalation operations

Corporate policy enforcement

Employee-related review of corporate policies (compliance)
Control of non-employee-centric corporate policies
Corporate policies for all Identity Management objects (source systems, target systems, roles and authorisations)
Integrated reporting as e-mail, ad hoc analyses, overviews and reports that can be subscribed to

Central portal

Information about editing and auditing corporate policies
Processing of policy exceptions (escalations)
Control of the corporate policy compliance

Solution

Solution strategy

The Compliance IAM solution is designed for the re-certification of employee authorisations. For this purpose, IAM standard software is installed on the relevant authorisation systems with reading access. Thanks to the interface to the personnel system, personal data are linked to the account information of the authorisation systems. In this way, authorisations that have been actually assigned can be read out and checked in re-certification workflows. Changes are transferred directly from the workflow to the system administrators or to an IT service management system, until systems - via subsequent expansion steps (not absolutely necessary) - are also connected with write-permissions for changes to be automatically provisioned.

Our Services

As a managed service, we provide the solution in the customer environment. Requirements and general conditions are recorded in workshops and documented by our consultants. This is done on the basis of standard procedure plans and documents, and followed by implementation and customer training shortly before handover. Subsequently, the IPG Operation Centre operates the solution according to the defined SLA's.