2 Agenda
Hitachi ID corporate overview.
Hitachi ID Suite overview.
The regulatory environment.
The HiAC solution.
4 Representative customers
5 Hitachi ID Suite
6 Regulatory environment
Legislation requiring effective corporate governance and privacy protection impacts organizations
world-wide.
Sarbanes-Oxley: Requires that publicly traded companies comply with the proper reporting of financial information and control access to this information.
SAS 70: Allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format.
HIPAA: The Health Insurance Portability and Accountability Act of 1996.
21CFR11: Electronic signature and system protection regulations by the FDA.
GLB: Applies to financial institutions and securities firms, aimed at protecting the privacy of customer data.
PIPEDA: The Canadian Personal Information Protection and Electronic Documents Act.
2002/58/EC: European Union Privacy Protection Directive.
These regulations call for better internal controls and a policy of least-privilege.
8 Compliance architecture
Shared architecture to meet regulatory requirements:
Externalize administration and governance of identities and entitlements.
User-centric, not application-centric processes.
10 Access certification
HiAC automates periodic review and cleanup of entitlements:
Leverages org-chart data.
Delegates access review, cleanup and certification to managers.
Automated e-mail reminders to managers and other stake-holders.
Stake-holders review entitlements on a web form.
Entitlements are either certified or flagged for removal.
Stake-holders must sign off on completed reviews.
11 HiAC features
HiAC automates periodic review and cleanup of user entitlements:
Capture:
Auto-discovery creates a clear picture of the actual state of user entitlements across the
enterprise.
Leverage org-chart:
Management relationships can be used to structure a certification round. Allows delegation
of access review, cleanup and certification to managers.
Notify:
Executive assurance: When the CEO or CFO signs off, they are assured that the process has been completed globally. They can then attest to this aspect of internal controls in a SOX compliance statement.
Proactive: Managers are automatically asked to review the rights of their subordinates. Non-response triggers reminders and escalation.
Full coverage: Management pressure down the org-chart ensures that the process is actually completed globally.
Rapid deployment: The only requirement is org-chart data. No role definition or user classification.
14 Summary
HiAC gives CFOs and CEOs assurance of compliance with privacy and governance regulations:
Internal controls require clean data about users.
Improve security by finding and removing orphan and dormant accounts.
Eliminate unneeded login IDs and security rights left over after users changed jobs.
Actively engage all managers in a periodic review process.
Motivate managers to complete the process.
This is accomplished quickly, without resorting to role engineering.
Learn more at Hitachi-ID.com or e-mail access-certifier@Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com