This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Access certification

Regulation requires organisations to ensure that appropriate controls are in place when accessing financial systems, customer management systems, payments systems and any customer sensitive information. In order to correctly implement an access certification solution, the organisation must understand:

  • Who has access to which systems, resources, applications and data?
  • Who approved this access?
  • How was the access granted?
  • When was access last reviewed?
  • What mitigating controls are in place for high-risk access?

Access certification is a core component of an IAM solution and is designed to efficiently fulfil audit and governance requirements. Performing a regular manual review or certification of all user access can meet audit requirements but is expensive and time consuming.

Automating an access certification process allows identities to be correlated across the enterprise providing a holistic view of user access and entitlements to specified applications. With this overview, certification events can be triggered to allow the appropriate person within the organisation, such as a line manager, to approve or revoke employee access; automation is a much more cost effective process than manual certification.

Back to Identity & Access Management

Share this page

Email this Send to LinkedIn Send to Facebook Tweet this More sharing options

Get in touch

More on Deloitte