GDPR-compliant Processes Support
Having consulted the public sector and commercial customers, we decided to create a dedicated Access Management module. In accordance with the GDPR recommendations, the system ensures the correct implementation of the process of granting and revoking permissions to IT systems or data sets. Each user request is registered with the website, then forwarded to the manager, then to the DPO (Data Protection Officer), who approves it and has it processed. Access requests are documented with clear reports. If any irregularities are found, the system allows you to start the permissions revocation process. All the approved and rejected requests are recorded.
Inventory of owned IT systems and data sets
In accordance with GDPR recommendations, all systems (applications) and data sets which process or include personal data should be inventoried.
Capability to specify relationships between employees and IT systems and data sets
You can specify user access by named employee accounts for each inventoried resource.
Related attribute sets creation for IT systems and data sets (e.g. access expiry date, access level, sensitive data processing)
Due to the variety of IT system settings, it is necessary to specify the possible usage attributes individually. Expiry dates and permissions transfers are usually common elements. Other attributes are configured according to the resource’s specification.
Creating decision paths for any IT systems and data sets permissions requests
The ITManager system allows you to design an unlimited number of decision paths. They may relate to permissions requests, employee recruitment requests, VPN requests, or device purchase requests. Each path consists of an unlimited number of steps that, in turn, consist of related system actions.
Individual stages approval by dedicated decision makers defined in the path configuration
The Active Directory integration module (included in ITM) is one of the possible sources of employee hierarchy information. Each request can be automatically forwarded to the appropriate person.
Subject matter and technical stages approval by the designated persons
For all the inventoried IT systems, you can specify technical supervisors and decision makers who accept all the permissions requests.
Specifying actions for individual steps (supervisor change)
The path settings wizard allows for an unlimited number of actions associated with a path step. Default actions may include request status change, request transfer to the decision maker, or creation of additional tasks related to the request.
Automatic relationships creation upon request approval
Once all the data has been entered at the request configuration and editing stage, the ITManager system automatically establishes the required relationship between the requester and the target system or data set. All the relationships are recorded in history.
Permissions revocation requests support (end of access period, employee dismissal)
A correct implementation of the permissions request approval model must also include the revocation process. The ITManager system allows for automatic generation of the required requests on the permissions expiration date.
IT systems and data sets permissions reporting for individuals
ITM allows you to generate a report of the owned IT systems and the associated employees for auditing purposes. A detailed analysis includes the permissions granting history, i.e. the approval dates of individual steps along with a list of decision makers.
IT systems and data sets employee permissions reporting
Similarly, an employee-side report is available, with a list of IT systems and data sets.
Generating an Employee Permissions Card for a personal file
The print wizard included in ITManager has been extended with a dedicated permissions card (with full customization of appearance and data scope). By default, the card contains information on IT systems and data sets related to the employee, together with the access expiration date.