Access Management and SOX compliancy/audits

We frequently deal with companies that have to be compliant with SOX regulations. This often has a big impact on the IT department, particularly with regard to managing access rights. We find that in these scenarios three very common issues tend to arise:

Workflow and validations on access rights:

Whether it concerns regular Active Directory user accounts, NTFS rights, Active Directory groups, e-mail or application authorisations, all requests and validations have to comply with SOX regulations. This can often mean that, in order to create each user account, the IT department needs sign-off from the person making the request, as well as the validating manager and the IT Management.

Traditionally this had to be done by a manual, paper-driven process, and many companies still use this outdated method. This means that every time a SOX audit takes place, the IT department has to spend weeks sorting through the papers with the auditor. However, an automated workflow management system (as provided with software like UMRA, User Management Resource Administrator) can automate these steps and make SOX audits a piece of cake for the IT department.

With UMRA there's no risk of papers getting lost in the audit process or people having to wait for their access rights, as the solution will automatically alert the appropriate staff, who can validate a request before it is sent to IT.


In order to comply with regulations, all requests for access and granting of access must be traceable. This is a standard feature of Tools4ever's Identity and Access Management suite.

Segregation of Duty:

In order to comply with some SOX requirements, certain tasks must be done by separate members of staff. For example, an order placed by person X must be validated by person Y. This has consequences for access management, as permission to use certain data, or the access rights within an application, must be tightly controlled.

The access management system must block or alert personnel whenever two permissions that may not be combined are being granted to the same user. This is easy to achieve with the reporting and provisioning mechanisms in Tools4ever's identity and access management solutions. The solution only needs to know which permissions cannot be combined and it will then automatically manage and audit these requirements.
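A minimal sketch of such a check, added here as an illustration and not taken from UMRA or any Tools4ever product: it resolves a user's effective permissions (direct grants plus those inherited through groups), blocks a request that would complete a forbidden combination, and records every decision so it stays traceable. The rule set, group names, permission names and function names are all constructed for the example.

```python
from datetime import datetime, timezone

# Constructed SoD rules: each set lists permissions one user must never hold together.
SOD_RULES = [
    frozenset({"orders.create", "orders.approve"}),
    frozenset({"vendors.maintain", "payments.release"}),
]

# Constructed group-to-permission mapping (stands in for directory group membership).
GROUP_PERMS = {
    "Purchasing": {"orders.create"},
    "Finance-Approvers": {"orders.approve", "payments.release"},
}

def effective_permissions(direct, groups):
    """Direct grants plus everything inherited through group membership."""
    perms = set(direct)
    for group in groups:
        perms |= GROUP_PERMS[group]
    return perms

def sod_conflicts(held, requested, rules=SOD_RULES):
    """Rules that become fully satisfied once `requested` is added to `held`."""
    requested = set(requested)
    after = set(held) | requested
    return [rule for rule in rules if rule <= after and rule & requested]

def process_request(user, direct, groups, requested_group, approver, audit_log):
    """Decide a group-membership request and append the decision to the audit log."""
    held = effective_permissions(direct, groups)
    requested = GROUP_PERMS[requested_group]  # unknown group raises KeyError
    conflicts = sod_conflicts(held, requested)
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "requested_group": requested_group,
        "approver": approver,
        "decision": "blocked" if conflicts else "granted",
        "conflicts": [sorted(rule) for rule in conflicts],
    }
    audit_log.append(record)  # blocked and granted requests are both kept
    return record
```

Checking effective rather than direct permissions matters because a forbidden combination is usually assembled indirectly, through a second group membership rather than a single explicit grant.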

Feel free to contact your Tools4ever office if you have any questions about SOX compliancy and Access Management workflows.

Single Sign On: regulating access cards

By now, many organisations are aware of the advantages of Single Sign On (SSO). Employees benefit from SSO because they only have to remember a single (complex) password rather than dozens of (complex) passwords; the IT department receives fewer password reset calls; and network security is enhanced, ensuring the organisation can meet auditing requirements.


Who’s speaking please?

The majority of calls received by the IT helpdesk need to be verified. After all, to protect the network, the helpdesk needs to be certain that the caller is who they say they are before they can grant access rights to applications. So, how can they do this whilst protecting each end-user's personal information?


Password Synchronisation vs. Single Sign On

Clients often ask me to advise them on reducing the number of passwords end-users need to use in order to access their account and applications. Their first approach, in order to avoid multiple passwords, is usually to ensure that passwords are synchronised over different systems.


SSO: The new software that could be the answer to NHS data protection woes

Healthcare organisations such as hospitals and surgeries operate complex networks comprising various applications running on multiple systems. Users need to have access to multiple applications for e-mail, the helpdesk and patient data, etc. In order to comply with increasingly strict security requirements, staff must enter separate username and password combinations for each application.


Can time-consuming login processes become a thing of the past?

Password synchronisation solutions can prove extremely useful for increasing efficiency and reducing costs. As with Tools4ever’s Password Synchronisation Manager, they allow end-users to use a single password for logging into their network, and all other applications they require access to. After end-users have changed their password, PSM ensures that they can log in directly to all the required systems and applications with a single set of log-on credentials. This can improve end-user productivity and minimise the number of password-related helpdesk calls. But is it possible to enhance efficiency and workforce productivity further still?
