Continuous user access compliance

Post by Glenn Folkes, Regional Sales Director

Business and IT leaders understand that Regulatory Compliance is a non-negotiable. Yet, how many times have you seen teams in a mad rush preparing for a user access review?

Periodic audit cycles have led many organisations to adopt a set and forget approach to user access compliance. They run their business as normal, then scramble to assemble the documentation to prove user access compliance today.

The problem is that user access changes every day.

It’s also worth considering the evolution of Standards like APRA CPS234. This Standard creates a range of new requirements for Financial Services organisations and their suppliers, but significantly it’s silent on how often user access reviews should occur. In doing so, it’s creating the expectation that compliance should be continuous.

This is a real shift. CPS234 is not about set and forget Compliance. It’s about implementing good information security practices, across your business, and your suppliers.

Standards like this will force organisations to fundamentally change business practices and adopt new tooling to monitor compliance continuously.

That is where RightCrowd IQ can help.

The application provides continuous user access compliance monitoring. It can connect to any system in your business and monitor hundreds of regulatory and policy controls.

In doing so it provides continuous visibility of compliance, highlighting pockets of exceptional practice, and providing the information security and business leaders need to close the gap.

As a centralised resource it lowers the cost of compliance with easy, up-to-date user access reporting for reviews and audits. The application supports detailed reporting by system, team or compliance standard in a fraction of the time.

Its true power is in real-time alerting for novel and bespoke applications not connected to an identity tool. The altering can easily be directed to your SEIM or service desk, and resolved through your existing change processes. 

Compliance is evidence of well-run business, and now is the perfect time to start thinking about turning compliance into a business improvement tool.