A Recertification Policy outlines the procedures an organization follows to review and verify access rights for employees regularly. The policy includes information on the type of rights, data about the access rights of which people will be evaluated, and how the reviews align with the organization's policies and regulations. A recertification audit can have multiple recertification policies associated with it.
We can create recertification policies of different types in the EmpowerID system, which are reusable. For example, we want to certify external partners and members of certain high-risk management roles in an audit. These items are specified in one or more recertification policies and later added to the same audit.
| Tip |
|---|
Recertification Overview and Recertification Policy Types docs provide more conceptual information about the policy and audit. |
Please follow the instructions below to create a recertification policy.
Create a Recertification Policy
Log in to the EmpowerID.
On the navbar, expand Compliance and select Recertification.
On the Recertification page, select the Recertification Policies tab. Click the + icon to create a new recertification policy.
In the Policy Details form that appears, provide the necessary details and click Save,
Click the Policy Type drop-down and select from the options. EmpowerID provides different policy types that define data snapshots for a particular resource type. More information about the policy types is covered here in the doc Recertification Policy Types.
Fill in the Name, Display Name, and Description fields.
Select Enabled to enable the policy.
Select the appropriate option for Open Item Decision When Audit Is Closed to specify the default decision to make on business requests that are still open (decision pending) but the audit is closed. Suppose an Audit is closed with business request items that have been generated but awaiting a decision. The fulfillment engine will automatically close the items with the selected decision in this option.
Approve: Selecting the decision as "Approve" for an open business request item means that the access being reviewed is valid. The access rights will be granted or retained as they are currently.
Certify: Selecting the decision as "Certify" for an open business request item means that the reviewed access is certified. The access rights will be granted or retained as they are currently.
Convert to JIT: Selecting the decision as "Convert to JIT" for an open business request item in a recertification policy means that the current access will be revoked, but eligibility for the same access will be added as pre-approved. This means that if the user requests the same access from the IAM (Identity and Access Management) shop, it will be granted immediately without needing additional approvals because it has been pre-approved.
Do Nothing: Selecting the decision as "Do Nothing" for an open business request item in a recertification policy means no action will be taken, and the items will remain open.
Revoke: Selecting the decision as "Revoke" for an open business request item in a recertification policy means that the current access will be revoked.
| Tip |
|---|
More information about Audit Closure, “Workflow For Audit Item Close“ and “Open Item Decision When Audit Is Closed“ is provided in the section below Closure of Audit |
| Info |
|---|
After EmpowerID creates the policy, the view one page appears where you can configure Targets of the Recertification and Item Type Scope (Data). A Recertification Policy is only complete once you add the target and scope. |
| Anchor | ||||
|---|---|---|---|---|
|
EmpowerID generates business requests and automatically routes them to auditors to make recertification decisions. Suppose these requests and items are still open or auditors haven’t yet provided a decision until audit closure. You can configure what happens to these open requests and other necessary actions once those decisions are made so that your recertification audits are completed smoothly when it is closed.
An audit is considered closed when the Due Date has been reached as specified when creating the audit.
A user chooses to unselect the Audit Open on the audit details page and closes the audit forcefully.
An audit is created per the schedule and completes the Audit Duration In Days.
Once the audit is closed, the recertification workflow engine will look for open business requests or items that still need certification. If any are found, the fulfillment workflow will apply the default decision provided in the policy for those open requests and close the items. This ensures that all access certification requests are handled based on the decision according to the recertification policy.
| Div | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
IN THIS ARTICLE
|
Next Step