Step by Step to Compliance-conformity in IT


From Harmonized Rights Structures to File-Service Management in Conformity with Rules

The next logical step toward fulfilling the regulatory requirements that apply to IT is to introduce standardized and automated file-service management, i.e. rule-based administration of file structures and authorizations. When such a solution is deployed, the same rules and policies that were used to restructure the file system can continue to be used to administer it. The clean database and all logical dependencies are preserved.

Clearly defined, automated processes for provisioning project or file storage to departments, project groups or individual employees prevent new uncontrolled growth from reopening the same old security loopholes. Automated approval workflows for granting rights prevent the accumulation of unnecessary or even impermissible authorizations; such workflows also guarantee that each employee receives only those specific authorizations that are permissible for his tasks and his position in the business.

With the assistance of these workflows, which require only minimal input, even technically untrained personnel can request access rights and/or the creation of new file storage via a service portal. Rights can be granted only by specially authorized persons, who, as a rule, are high-ranking individuals in the business department. The correctness of the authorization process is guaranteed by the fact that these decision-makers are firmly integrated into automatically running process chains. After a request has been approved, the corresponding rights are automatically granted on the appropriate systems in accordance with the business's guidelines and IT policies.

An important factor here is that processes and process steps must be auditable. Historical data are recorded in such a way that they cannot subsequently be altered or revised. This ensures that an auditor can determine, reliably and at any time, exactly who holds which rights to access which materials, why an authorization was granted, and who approved it. For example, this capability guarantees that the full history of all authorizations granted to participants in the financial-reporting process is always available and verifiable.

©econet