By Peg Bailey
•
25 Aug, 2020
As an analyst, I help customers prepare for regulatory audits. One company was preparing for a SOC2 audit and I had weekly calls with various department heads to chase down proof that controls were in place. The project manager had to take time away from product development to produce a list of users with privileged access to the production environment and to prove that access was restricted to authorized users only. A waste of his time and talent? Definitely. Does it have to be that way? Absolutely not. How would I fix it? I would set the evidence to be gathered automatically with ServiceNow IRM/GRC from the systems that are already available to test. For example, most ServiceNow customers have Active Directory already integrated, so the evidence of user access is already available. Using a feature called “Automated Indicators” takes the labor out of the process. Not only does it provide evidence for a periodic audit, it also gives managers immediate notice of potential problems in real time. That’s a time saver for compliance personnel and management. And it is not difficult to set this up if you know what you’re doing, or if you implement a package like Clear Skye . SHAW’s partner Clear Skye is built natively on ServiceNow and simplifies Identity Governance and Administration (IGA) by automatically executing identity and application access policies. Evidence is collected with Indicators, so there is no need to update and review files manually to verify that a user was disabled if they left the project or company. When access is removed, a report is generated and emailed directly to the manager. If the project manager prepping for SOC2 had ServiceNow and Clear Skye in place, there would have been no need for weekly meetings or keeping spreadsheets on SharePoint. User access information is displayed on dashboards, providing up-to-the-minute compliance. Take the labor out of your security and compliance efforts and let your people focus on doing what they do best. Shaw Data Security is a Premier ServiceNow partner that helps companies transform inefficient manual processes into labor-saving and scalable integrated risk programs. Using ServiceNow and Clear Skye IGA, we will modernize your IAM, automate it, and give you peace of mind with real-time auditing.