Compliance
Security and efficiency through automated policies
Enforce laws, regulations and your own guidelines in accordance with the rules:
from naming conventions to automation and compliance checks.
Rule compliance with FirstWare IDM-Portal
Security
Compliance with FirstWare IDM-Portal means securing the regulatory conformity of company policies.
Information security is protected in multiple ways. Secure your users’ access through role management. Control permissions based on policies, time periods, and approvers.
Policy enforcement includes regular control processes by people in charge of permissions::
- legal rules, such as the GDPR
- regulatory requirements – industry-specific or self-imposed (such as ISO 27001)
- corporate policies, such as naming conventions and job-related authorizations
Data privacy
IDM-Portal meets legal data protection requirements (GDPR) in several ways. The storage of personal data is fundamentally limited to Active Directory or Azure AD, which are already recorded in the data protection management system.
Access to personal identity data is double protected (conceptually and technically) by a well thought-out role authorization concept in IDM-Portal.
Integrate substitution rules or solutions, such as the out-of-office assistant for colleagues, with IDM-Portal in a data privacy-compliant manner.
Regulated access authorizations
Rule adherence is especially important for compliance with authorization policies in order to ensure information security.
Overauthorizations, which arise, for example, as a result of departmental changes, must also be avoided.
IDM-Portal offers two solutions for compliance, which can also be combined:
Compliance automation
Ensure from the outset that employees are given appropriate IT authorizations. Upon joining, rights are automatically assigned that the user may have according to department, activity and function in the company. Any changes to the position lead to automated and traceable data changes.
An authorization concept according to company specifications is based, for example, on:
- location
- division and department
- job title
- management and specialist function
Authorization compliance check
Compliance checks are an important addition. If additional authorizations are assigned permanently instead of temporarily, security risks arise. With IDM-Portal, those responsible regularly check resource and security authorizations.
The cycle and type of review are defined by the guidelines. IDM-Portal enables automatic notifications and evaluations. With one click, the owner checks his authorizations in IDM-Portal.
- Email for authorization verification
- One click to open IDM-Portal
- Verification of eligible members
- Adjustment and approval
- Automatic logging of the process for audits
Traceability and compliance audits
Compliance with corporate guidelines is an active process. This must also be traceable for security experts in audits.
IDM-Portal includes detailed logging of direct and asynchronous actions. Time-controlled actions and workflows can be tracked and are available for evaluations.
The reporting of IDM-Portal offers various standardized reports. In addition, special requirements of companies and organizations can be implemented. The automatic dispatch of reports is also possible if security policies allow it.
Advantages with IDM-Portal
Guidelines that speak against classical IAM systems:
- No redundant personal data storage (often in relation to GDPR)
- HR and department heads are responsible for employee data
- Owner performs authorization check by himself
Compliance requirements that speak for IDM-Portal:
- Multi-level approval workflows for special authorizations
- Department-specific naming conventions
- Settings on the user account are only set by the user or a representative designated by the user (e.g. out of office assistant)