USE CASE

Simplified compliance and auditing

Account and access management processes that are demonstrably compliant by design with relevant information security and privacy guidelines.

CHALLENGE

How do you demonstrate compliance in a complex, dynamic IT landscape?

In organizations with hundreds or thousands of users and dozens of applications and data sources, managing individual user accounts and access rights is a complex challenge. How can we address this challenge in a way that guarantees, and makes it easy to demonstrate, compliance with applicable information security guidelines?

SOLUTION

Identity-driven security, with zero trust as the starting point

With automated, fully role-based account and access management, the HelloID platform enforces the least privilege concept. This principle is central to modern information security guidelines, and combined with fully automated exception handling and extensive audit trails and reporting capabilities, HelloID is easy to audit and demonstrably compliant.

Automated, business-driven account management

  • The account lifecycle (onboarding, transfers, offboarding) is fully automated and driven by business systems.

  • At the end of employment, accounts are automatically deprovisioned. No risk of data breaches from active, forgotten accounts.

  • Access rights are managed based on a person's role. Access is granted on a need-to-know basis; unwanted privilege creep is eliminated.

  • Changes to access rights caused by organizational changes are easily processed by adjusting business rules.

Automated exception management

  • Automated request process for additional and/or temporary access rights.

  • Configurable approval workflows so that separation of duties is enforced for each type of access request.

  • Configurable duration for service requests to prevent unwanted privilege accumulation.

Monitoring

  • Access attempts to systems and data are centrally logged and can be quickly analyzed for reporting and audits.

  • Reports of all granted access rights, with breakdowns by users, groups, departments, roles, etc.

  • Overview of applied Business Rules and changes.

  • Reports of access requests, including requesters and approvers.

HOW IT WORKS

How we deliver compliant and auditable Identity and Access Management

7 steps that can each be configured with low-code or no-code

  1. Source system: Integrate HelloID with source systems such as HR, SIS, and/or scheduling systems. Changes in source data automatically become available in HelloID.

  2. People: Convert person and role data from source systems into a common representation within HelloID using an identity vault.

  3. Business Rules: Define rules that determine which roles receive which types of accounts and access permissions, and under what conditions.

  4. Target systems: Connect HelloID to on-premises and/or cloud applications. This can be carried out step by step per application.

  5. Service processes: Automate processes, including online approval flows and activation in target systems. This can be performed as a separate step for each process.

  6. Access management: In conjunction with, for example, Active Directory, configure access procedures such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA).

  7. Reporting and auditing: Configure standard and customer-specific reports and monitoring functions for analysis and audits.
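To make the steps above concrete, here is an added example (my own illustration, not HelloID's code or configuration) of the core loop an identity-driven platform runs: source records (step 1) are mapped to people (step 2), business rules derive the role-based baseline (step 3), approved time-boxed exceptions are layered on top with a separation-of-duties check (step 5), the result is reconciled against a target system (step 4), and every grant and revoke is written to an audit trail (step 7). All person, role, rule and entitlement names are constructed sample data.

```python
"""Added example, not HelloID's code: a minimal business-rule driven
entitlement engine showing joiner/mover/leaver handling, time-boxed
exception grants, separation of duties and an audit trail."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Person:                      # step 2: common representation of a person
    person_id: str
    department: str
    role: str
    end_date: Optional[date] = None  # employment end from HR; None while active

@dataclass(frozen=True)
class BusinessRule:                # step 3: which roles get which access
    name: str
    department: Optional[str]      # None matches any department
    role: Optional[str]            # None matches any role
    entitlements: frozenset

    def matches(self, p: Person) -> bool:
        return self.department in (None, p.department) and self.role in (None, p.role)

@dataclass(frozen=True)
class AccessRequest:               # step 5: approved exception with an expiry
    person_id: str
    entitlement: str
    requester: str
    approver: str
    valid_until: date

def is_sod_compliant(req: AccessRequest) -> bool:
    """Separation of duties: neither the requester nor the beneficiary may approve."""
    return req.approver not in (req.requester, req.person_id)

def desired_entitlements(p, rules, requests, today):
    """Role-based baseline plus still-valid exceptions; leavers get nothing (least privilege)."""
    if p.end_date is not None and p.end_date <= today:
        return frozenset()                        # offboarded: full deprovisioning
    wanted = set()
    for r in rules:
        if r.matches(p):
            wanted |= r.entitlements
    for req in requests:
        if req.person_id == p.person_id and req.valid_until >= today:
            if not is_sod_compliant(req):
                raise ValueError(f"SoD violation: {req}")
            wanted.add(req.entitlement)           # expired requests simply drop out
    return frozenset(wanted)

def reconcile(people, rules, requests, current, today):
    """Compare desired with current target-system state; return (new_state, audit)."""
    audit, new_state = [], {}
    for p in people:
        have = current.get(p.person_id, frozenset())
        want = desired_entitlements(p, rules, requests, today)
        for e in sorted(want - have):
            audit.append((today.isoformat(), "grant", p.person_id, e))
        for e in sorted(have - want):
            audit.append((today.isoformat(), "revoke", p.person_id, e))
        new_state[p.person_id] = want
    return new_state, audit

# Constructed sample data (step 1 source records, rules, an approved request, target state).
PEOPLE = [
    Person("alice", "finance", "accountant"),
    Person("bob", "it", "admin", end_date=date(2024, 3, 31)),   # leaver
    Person("carol", "finance", "manager"),
]
RULES = [
    BusinessRule("all-staff", None, None, frozenset({"email", "intranet"})),
    BusinessRule("finance", "finance", None, frozenset({"erp-read"})),
    BusinessRule("finance-manager", "finance", "manager", frozenset({"erp-approve"})),
    BusinessRule("it-admin", "it", "admin", frozenset({"ad-admin"})),
]
REQUESTS = [AccessRequest("alice", "erp-approve", "alice", "carol", date(2024, 4, 15))]
BAD_REQUEST = AccessRequest("alice", "erp-approve", "alice", "alice", date(2024, 4, 15))
CURRENT = {
    "alice": frozenset({"email", "intranet", "erp-read"}),
    "bob": frozenset({"email", "intranet", "ad-admin"}),
    "carol": frozenset({"email", "intranet"}),
}

def run_example():
    """Two reconciliation runs: day after bob's end date, and after alice's request expires."""
    state1, audit1 = reconcile(PEOPLE, RULES, REQUESTS, CURRENT, date(2024, 4, 1))
    state2, audit2 = reconcile(PEOPLE, RULES, REQUESTS, state1, date(2024, 4, 20))
    return state1, audit1, state2, audit2

if __name__ == "__main__":
    for entry in run_example()[1] + run_example()[3]:
        print(*entry)
```

The first run revokes all of bob's access because his HR end date has passed, grants alice the temporary erp-approve right that carol approved, and grants carol the finance entitlements her role now implies; the second run, after the request's expiry, revokes erp-approve from alice without anyone having to remember to do so. The audit list is the evidence an auditor asks for: who got or lost what, when, and (via the request record) who approved it.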

FAQ

Frequently asked questions

What are commonly used information security standards?

The ISO 27001 standard is widely used for information security. This standard focuses on establishing a risk-driven information security plan that is kept up to date using a Plan-Do-Check-Act (PDCA) cycle. In addition, there are sector-specific standards such as BIO (Baseline Information Security for Government) and NEN 7510 (Information Security in Healthcare). BIO and NEN 7510 use ISO 27001 as a foundation but refine it with specific guidelines and recommendations for the respective sectors.

How does HelloID ensure that my organization is demonstrably compliant with applicable information security guidelines?

HelloID uses automated, fully role-based account and access management that adheres to the least privilege concept, a fundamental principle of modern information security guidelines. In addition, there are extensive audit trails and reporting capabilities that make your organization's compliance easy to audit and demonstrate.

Is the GDPR an information security guideline?

Strictly speaking, no, but the GDPR does directly affect your information security. The GDPR (General Data Protection Regulation) is a privacy law and has a broader scope than information security alone. The GDPR defines which personal data organizations and individuals may collect about citizens and what you may do with that data. It also includes strict rules on how such personal data must be secured to prevent unauthorized disclosure (a data breach). Information security standards such as ISO 27001, BIO, and NEN 7510 help you meet GDPR requirements.

What happens to user accounts when someone leaves the organization?

When an employee leaves the organization, the user account is automatically deprovisioned by HelloID, eliminating the risk of data breaches from active, forgotten accounts. This process is automatically driven by business systems such as the HR system.

How does HelloID handle exceptions to access rights and how is this process kept secure?

HelloID provides an automated request process for additional and/or temporary access rights. This process is configurable and uses approval workflows to ensure separation of duties. In addition, a configurable duration for service requests can be enforced to prevent unwanted privilege accumulation.