Case study overview
ACME is a worldwide listed insurance company which offers numerous financial products to its customers. Some of these products were launched more than 15 years ago. ACME is proud of its business agility which is a key differentiator in the Market.
As a result, many IT applications have been internally developed in order to manage these products. Because entitlements are complex, the IT Security team manages new account requests by « cloning » existing accounts: Same As X…
Due to the increasing pressure of internal control, the emergence of industry Best Practices (ISO2700x) and the evolution of legal constraints and regulations (SoX, Bale II, Solvency II, Data Protection…), the company decided to launch a project in order to improve the management of access rights.
Objectives
- Update repositories and cleanup the incorrect or expired data
- Data must be streamlined before new entitlement processes can be setup
- Assess entitlement models and rules on actual data prior to rollout without impacting production systems
