Compliance / Audit
You have to be able to prove it!
In a company, IT must meet a multitude of national and international requirements. For example, the secure handling of data access, authorizations and non-disclosure agreements (NDAs) must not only be applied, but also be provable retroactively.
If a company ignores such specifications, consequences ensue: companies that cannot prove their data security without any gaps do not perform well in the ranking, with all the consequences that entails…
In the event of data misuse, the company is liable to recourse until proven innocent. For example, customer A, who has placed a large development order, might discover that customer B holds essential development results that belong to customer A. Since both have commissioned the same developer, the developer must prove that the development data and access rights for customer A and customer B have been kept strictly separate and properly administered. If the documentation is not complete, severe contractual penalties can be imposed for the violation of data confidentiality.
Historical records and auditing tools answer the question “Who had access to what, when, and who approved it?” at all times. An automated TARGET-CURRENT (target versus actual) comparison enables you to recognize existing problems promptly and to initiate corrective action. Security gaps are closed immediately. Your data security is verifiable.
Benefits of audit functionalities
- You can prove your data security to partners, customers, banks, auditors and others.
- Security vulnerabilities are displayed and can be resolved immediately.
- Audit security: the requirements of internal and external audits and auditors are fulfilled.
- By keeping the history of identities and entitlements, you can also prove who caused, and is liable for, past authorization assignments and events.
Obstacles to compliance
- Not all products support all system platforms. Anyone who wants to use the analysis and reporting functions for all systems often has to accept a loss of functionality in the audit tool.
- There is seldom certainty as to which legal requirements (data protection laws, Basel II, HIPAA or SOX) affect the company at all.
- During the analysis of user administration and access authorizations, rule violations always turn up. Unfortunately, the people who know their cause are often not involved in the project. Simply deleting the offending authorizations does not make sense, and nobody knows how to resolve the issue.