Lack of Accountability

In many organizations, users move between projects, departments and locations. As this happens, users acquire new access rights but rarely relinquish old ones.

To meet regulatory requirements, organizations often must attest to the relevancy of sensitive entitlements: should user X have entitlement Y? Who authorized that assignment? When was the entitlement last reviewed and approved? These questions form a trail of accountability.

• Even in organizations where no record is kept of how a user first came to have a entitlement, Access Certifier can be used to invite relevant stake-holders to review and recertify user rights.
• Access Certifier works by sending managers, application owners and data owners invitations to review lists of users and their entitlements.
• Certifiers review and either accept or reject each of the the entitlements in a list they are shown.
• At the end of a certification round, there is a clear record of who approved each remaining entitlement.

Access Certifier creates accountability for access rights, even where original records are unavailable.