Governance - Recertification
Tools4ever’s identity and access management (IAM) solution, HelloID, automates account and entitlement management to a large extent. In some cases, however, you may want to assign additional permissions or exceptions. Recertification helps you maintain visibility and control over these exceptions. This article explains recertification and the capabilities it provides.
What is Recertification?
Using business rules, HelloID can assign the correct entitlements to virtually all employees. In some cases, exceptions are required, for example, when employees need additional access to data or a non-standard application. Through the HelloID Service Automation module, users can request additional rights in those cases.
Entitlements may grant access to critical or sensitive applications and data, or consume licenses that are costly. At the same time, privileges and needs can change. Assigned rights can become outdated after a role change, permissions can shift, or access can become unnecessary due to changes in work processes.
Even if the assigned rights remain correct, it is important, for audit purposes, to demonstrate that this recertification has actually occurred. This can be part of an ISO, NEN, or BIO certification, or another audit. It is therefore necessary to periodically check whether users still need the assigned rights and remain authorized to hold them. Recertification helps by making this demonstrable.
Campaigns
Recertification works with campaigns, which HelloID uses to validate and automate users’ access to self-service products. You can create tailored campaigns and remain in full control. You decide how often to run a campaign and which products to review, for example, based on risk assessment or certification and audit requirements. Access to critical data may require stricter review than access to a standard application.
In addition, predefined system campaigns are available. The most straightforward campaign is Improper Use, which lists products that were granted in the past but can no longer be requested by the employee. This helps identify rights that should no longer be assigned. Another campaign, Products Not Part of Another Campaign, serves as a safety net and includes all self-service products not included in another campaign. This way, you always maintain visibility into all assigned self-service products.
After running a campaign, HelloID displays an overview of the permissions that require manual review. If the reviewer approves a permission, HelloID keeps the permission in place. If the reviewer denies a permission request, HelloID revokes the rights, blocking access immediately.
Overview and Control
Recertification enables you to maintain an overview and control of the permissions you grant to users through self-service products. This is important for the security of your applications and data, for compliance with laws and regulations, and for the completion of audit and certification processes. HelloID records completed recertification campaigns and reviewer decisions in an audit log. This allows you to demonstrate compliance easily.
Get Started
Ready to get started with HelloID Governance? Read more about this module on our website. Have questions? Contact us