Overview

The basic premise of HR Driven Identity Management is to streamline and automate the process of creating, managing and removing all application and data access privileges across an organisation by leveraging a Human Resource Management System (HRMS) as the single source of truth for all identity information.

In reality HRMS differs from other common sources of identity information (such as Directory Services or Databases) in so far as they are far more likely to accurately reflect the status of an individual in an organisation with regard to their job role.

Access to applications and data based on status and role as indicated by the HR system will therefore provide a more “water tight” control mechanism. Typically, the HR department is the first to know about an employee leaving or changing role, but today there is often a “disconnect” between the HR business process and the often manual and technical process of updating and removing access privileges from systems.

This leads to a number of problems, including; 1) An organisation is unable to identify easily who has access to what systems at any given time, either now or in the past; 2) There becomes a problem of segregation of duties and employees changing roles can find them selves with too many access privileges. In this situation organisation could find itself vulnerable to fraud, and; 3) The number of “orphaned accounts” – accounts with access privileges to important system that haven’t been removed when they are no longer required – grows and represents a security risk.

By formally defining what access privileges a specific role requires and integrating a full identity and resource provisioning solution with the HRMS the process of managing access to corporate assets can be automated. This has a number of distinct advantages for the organisation. Namely:

• Significant costs can be saved through the removal of the administrative overhead – though automation - that is associated with creating, managing and removing user access privileges to information systems.
• Reduced risk to information assets by ensuring that only the right people can access data and applications and that any changes to role or status are immediately reflected across all downstream applications.
• Improved operational efficiency and reduced time granting access to appropriate information systems.
• Reduced impact of regulatory compliance initiatives by categorically knowing who has access to which information systems.

Key Benefits

• Reduced cost of administering identities.
• Mitigate risk to information assets.
• Reduce the burden of regulatory compliance.
• Manage user identity and access privileges at a business process level.
• Improve operational excellence and efficiency.
• Enforce segregation of duties.
• Leverage a common single source of truth for all identity information within an organisation – the HR system.
• Reduction of “orphaned accounts” that are a security risk.
• Employee on boarding process can be dramatically streamlined.
• Manage user identity at a business process level.
• Improved stakeholder satisfaction
• Helps to enforce an end-to-end business process for managing identities throughout the organisation.
• Improved productivity though automation of new employee on boarding process.