All authorizations within an IT System are mapped in the authorization concept. It includes process descriptions, role definitions and password restrictions.
The diverse IT systems used in a company make authorization concepts very complex to manage and
generate enormous costs.
Authorization concepts must always be up-to-date and should therefore be checked at regular intervals. At the same time, the agreements with the compliance requirements and the content in the IAM system is evaluated.
Conception And Creation Of Authorization Concepts
Evaluation of authorization concepts
Structure of the organization and administration of authorization concepts
Creation of processes (release, update, transfer to the IAM system)
Introduction of periodic follow-ups
The role-based access control (RBAC) enables the assignment of authorizations and the control of access to company resources. In the user or business roles, groups are formed which serve to bundle individual authorizations.
Role concept creation
Defining of the rights structure
Modeling of business roles
Determination of the risk-classification
Role optimization with existing applications
The segregation of duties (SoD) exists so that certain authorizations do not converge on one person, because this could potentially become a risk for the company.
In order to rule out abuse of such positions of power, statutory regulations prescribe certain minimum equirements for risk management (MaRisk), which are accompanied by a clear separation of functions.
This makes organizational structures, processes and authorization concepts necessary and serves as the basis for a SoD matrix.
Creation of a SoD matrix that is customized to your business
Implementation of the SoD matrix in your IAM product
Leading workshops to determine the SoD areas
Resolving SoD conflicts
During re-certification, unnecessary or unapproved authorizations are removed and legitimate authorizations are confirmed by the responsible auditor’s approval.
Management of re-certification campaigns
Establishing the re-certification process
Documentation of the re-certification process
During reconciliation, we make a target-performance comparison between the IAM and authorization systems for accounts and the associated authorizations. At the end of the process, both areas are consistent.
Implementation of reconciliation
Data cleaning
Documentation
Conception And Creation Of Authorization Concepts
Evaluation of authorization concepts
Structure of the organization and administration of authorization concepts