Accelerating SOX compliance controls and access with SailPoint platform
Turnkey’s customer is a leading global healthcare company, working towards preventing and treating diseases and improving the health of millions of people. It develops and manufactures innovative medicines, vaccines and healthcare products.
“The Turnkey team has vast and deep knowledge of the SailPoint platform and their experience of identity and access management is impressive. Their speed of implementation has enabled us to successfully accelerate the process of onboarding our high visibility SOX applications onto SailPoint to meet strict compliance requirements.”
— Onboarding Lead for Enterprise Access Governance, Global Healthcare Organisation
Challenge
The company is committed to operating at the highest standards of corporate governance, which underpins its ability to deliver long-term value and benefit to its stakeholders.
As such the organisation had selected SailPoint for its Identity Security software to provide governance and compliance for its large number of business applications. The software would provision user access through the employee life cycle and quickly identify risk and compliance issues before they become serious. Whether people are changing jobs within the organisation, working on special projects or leaving, the access controls will both enforce and demonstrate compliance, ensuring the organisation is audit-ready.
But the onboarding of applications onto the SailPoint platform was taking longer than planned. Specifically, it had a tight deadline to prioritise the high visibility SOX (Sarbanes-Oxley Act of 2002) applications to ensure that stringent record keeping, audits and controls are adhered to for compliance reasons.
The organisation quickly realised that it was not going to achieve its target of onboarding over 100 applications within the agreed timeframes. Its incumbent partner did not have a fast or efficient onboarding process that would deploy all the applications in time. In particular, it needed to act fast to accelerate the SOX applications and made the decision to ring-fence these as a priority.
The company's Onboarding Lead for Enterprise Access Governance explains, “Working with our existing partner we didn’t have the confidence we could deliver these applications onto the platform within the required deadline. There was a clear and urgent directive from our Audit Committee that we needed to prioritise the onboarding of the SOX applications onto SailPoint to deliver on our corporate-wide compliance targets.”
Solution
Turnkey was selected by tender to handle the onboarding of the priority SOX applications onto SailPoint. Having previously engaged with Turnkey on a different project, the company was confident the expertise and resources were in place to deliver this priority project competently and quickly.
To create standardised provisioning of applications and accelerate the onboarding process, Turnkey quickly set out to create a framework of operating procedures and instructions. The agreed framework enabled rapid onboarding as it standardised all the steps required to onboard, including development, user acceptance testing through to production.
Before the framework was in place, applications were onboarded onto SailPoint and delivered into an informal testing environment early on in the process. If successful, the code would move to UAT and be demoed to the application team. However, deploying to UAT needed approval, so any changes at the demo stage would result in further work, creating a lengthier process.
Now Turnkey’s customer has an agile process in place where applications in development are showcased early on to the application owner and any changes or feedback are fed directly into the design process before the application is moved into UAT.
The onboarding of applications onto SailPoint has been dramatically improved and accelerated as a result of the framework created by Turnkey. Standardising the unit test cases and carrying out testing before moving to the next environment has resulted in fewer issues, a reduction in application completion times and improved quality of the delivered solution.
It has also enabled the organisation’s strategic security services provider to get up to speed quickly and add value from a security point of view. With increased compliance and governance around its high visibility SOX applications, it is harnessing the power and capability of its investment in the SailPoint software.
The Onboarding Lead for Enterprise Access Governance highlights, “The SailPoint platform has made the introduction of compliance into our business applications easier and faster, and with Turnkey’s rapid onboarding framework we can apply these tools in an easy-to-deploy, standardised format.”
Benefits
- Rapid onboarding of applications onto SailPoint: Onboarding of applications is faster and much more standardised within the agreed quality framework where documented templates, processes and instructions have been created.
- Compliant access to SOX applications: The priority SOX applications have nearly all been onboarded onto SailPoint, providing the right controls and governance for user access to meet the auditing requirements of the Audit Committee for SOX.
- Delivering the right access as users change roles: The rapid onboarding of SOX applications means that security risks have been reduced. Staff are now given appropriate access which is automatically adjusted as users change roles, take on new projects or leave the organisation.
- Faster user access manager reviews: Managers can review access controls online for their direct reports much more quickly than via the previous paper-based reports, with the review cycle decreasing from three months to just over two weeks.
- Synergy with strategic security services partner: The rapid onboarding of applications framework has helped the strategic security services partner to quickly understand and work with the SailPoint platform which is embedded as part of an overall business transformation at the global healthcare organisation.
- Self-service access requests: Users can instantly access requests and actions directly in SailPoint as part of the company’s identity-based policies.