...
Therefore, to minimize the risk, for all the risky accesses, we should be able to certify and recertify on a regular basis that the access is still needed. For example, is this user account still needed? if a user has already resigned from the company, the user account should not be active. These kinds of potential risks are checked and minimized with the help of recertification at regular intervals.
The goal of the recertification is to present the system data to the auditors and to ensure that there are no nonconformity findings during audits. EmpowerID provides a powerful Attestation attestation and Recertification recertification platform that gives any organization the ability to take a more proactive approach to rectify potential security issues before they occur through crafting EmpowerID Audits audits and Recertification Policiesrecertification policies.
Recertification Policies are snapshots of data that reveal the access to resources granted to people and to roles, the assignments of people to roles, and the security assignments that have been made against protected resources like Exchange mailboxes, applications, and groups. These snapshots are routed for review to authorized personnel such as managers, role owners, or data owners. The review process allows the reviewer to verify the access and certify whether it is valid. Internal processes can use this data to remediate and rectify exceptions or certify the exceptions as permitted. EmpowerID maintains an audit trail of these access snapshots and the decisions made concerning the access. This combination of Recertification Policies with EmpowerID's robust reporting capabilities allows organizations to create a more thorough and effective resource management strategy.
...