ComplianceCourier™ - Access Compliance

Today's enterprise has an ever-growing challenge to deal with: as information availability increases exponentially, so do regulations and policies governing who can and should have access to sensitive information. Meeting access certification and policy verification requirements, such as segregation of duties, has tangible bottom-line implications for companies in all industries, since manual audit compliance can significantly increase cost of operations.

ComplianceCourier, Courion's access certification, verification and policy compliance software, can help by automating analysis of user access rights, as well as tying critical application access to passing policy awareness tests as ways to proactively meet regulatory requirements. ComplianceCourier enables business managers to periodically engage in audit compliance by reviewing and verifying employee access rights. Automating policy verification helps ensure compliance with key mandates, such as industry or government regulations, while simultaneously reducing operational costs.

Compliance Courier Access, Audit and Policy Compliance Software Model

Features

  • Delivers periodic automated user access review and required remediation
  • Provides ability to define, audit, and enforce segregation of duties (SoD) policies
  • Optionally blocks user access to resources until policy awareness testing is passed
  • Automatically triggers compliance actions based on user provisioning events

Benefits

  • Enables performance of efficient, repeatable compliance audits for time and cost savings
  • Creates audit trails of manager attestation actions
  • Allows delegation of employee access rights review to appropriate business managers
  • Slashes time, effort and costs of previously manual compliance activities

Proactively Confirm Users' Allocated Resources

ComplianceCourier automates the processes required to comply with federal and industry regulations and business policies.

  • Automatically notify business managers when it is time to confirm user access rights in compliance with company policy.
  • Provide security and business managers with compliance information necessary to confirm appropriate user access rights.
  • Initiate corrective actions automatically.
  • Track and store managers' attestation for each user.
  • Administer self-service policy awareness training and testing for end users.
  • Inform managers which employees have passed policy awareness tests and optionally block access to applications pending a passing score.
  • Require confirmation and validation of user access rights at scheduled intervals or in real-time.
  • Map user identities, profiles, and access rights across disparate data sources.

Achieve Compliance Amid Increasing Regulations

ComplianceCourier automates a broad set of processes necessary for organizations to achieve compliance with government and industry regulatory requirements. ComplianceCourier extends the responsibility and accountability for compliance to line of business managers by providing a self-service policy evaluation and awareness testing framework which presents information to the user using business terms, rather than arcane, unfamiliar IT-specific teminology.

ComplianceCourier uses corporate policy guidelines to determine how frequently employees need their access to sensitive resources reviewed and verified. It identifies affected employees for each manager, enabling them to review the employee's access rights, compare them to those designated as appropriate according to policy, and ultimately confirm that the employee’s access is appropriate.

An important aspect of compliance management is to check for policy violations, particularly over-provisioning and segregation of duties. Over-provisioning violates the principle of least privilege, which holds that users should be granted minimal access rights consistent with their business function. ComplianceCourier can also evaluate the accounts and privileges held by a user to determine if any privileges overlap and create a segregation of duties violation.

If changes to a user's access rights are required, ComplianceCourier can package the results so that other applications such as AccountCourier® − Courion’s enterprise user provisioning solution − can trigger appropriate actions to initiate corrections automatically. This allows AccountCourier to supply additional value in overall account provisioning. Providing a separation between security policy and enforcement, ComplianceCourier can enable IT Security to review any or all exceptions to corporate policy.

Contact Courion for more information on how the Courion's Access Assurance solutions can deliver results to your business.

Back To top