Create Recertification Policy

Owned by Phillip Hanegan
Feb 29, 2024
3 min read

A Recertification Policy outlines the procedures an organization follows to review and verify access rights for employees regularly. The policy includes information on the type of rights, data about the access rights of which people will be evaluated, and how the reviews align with the organization's policies and regulations. A recertification audit can have multiple recertification policies associated with it.

We can create recertification policies of different types in the EmpowerID system, which are reusable. For example, we want to certify external partners and members of certain high-risk management roles in an audit. These items are specified in one or more recertification policies and later added to the same audit.

Recertification Overview and Recertification Policy Types docs provide more conceptual information about the policy and audit.

Please follow the instructions below to create a recertification policy.

Create a Recertification Policy

  1. Log in to the EmpowerID.

  2. On the navbar, expand Compliance and select Recertification.

  3. On the Recertification page, select the Recertification Policies tab. Click the + icon to create a new recertification policy.

     

     

  4. In the Policy Details form that appears, provide the necessary details and click Save,

     

    • Click the Policy Type drop-down and select from the options. EmpowerID provides different policy types that define data snapshots for a particular resource type. More information about the policy types is covered here in the doc Recertification Policy Types.

    • Fill in the Name, Display Name, and Description fields.

    • Select Enabled to enable the policy.

    • Select the appropriate option for Open Item Decision When Audit Is Closed to specify the default decision to make on business requests that are still open (decision pending) but the audit is closed. Suppose an Audit is closed with business request items that have been generated but awaiting a decision. The fulfillment engine will automatically close the items with the selected decision in this option.

       

      • Approve: Selecting the decision as "Approve" for an open business request item means that the access being reviewed is valid. The access rights will be granted or retained as they are currently.

      • Certify: Selecting the decision as "Certify" for an open business request item means that the reviewed access is certified. The access rights will be granted or retained as they are currently.

      • Convert to JIT: Selecting the decision as "Convert to JIT" for an open business request item in a recertification policy means that the current access will be revoked, but eligibility for the same access will be added as pre-approved. This means that if the user requests the same access from the IAM (Identity and Access Management) shop, it will be granted immediately without needing additional approvals because it has been pre-approved.

      • Do Nothing: Selecting the decision as "Do Nothing" for an open business request item in a recertification policy means no action will be taken, and the items will remain open.

      • Revoke: Selecting the decision as "Revoke" for an open business request item in a recertification policy means that the current access will be revoked.

         

After EmpowerID creates the policy, the view one page appears where you can configure Targets of the Recertification and Item Type Scope (Data). A Recertification Policy is only complete once you add the target and scope.

Next Step

Add targets to recertification policies.

 

Â