One of the biggest challenges in managing financial service organizations is the complexity of controlling user access to information resources. Some of these organizations have attempted to implement roles-based systems to address these challenges, but real-world experience has shown that unless roles fit into a context that ties together existing entitlements, company policies, regulatory requirements, and current business process realities, they simply don't work.
Without this context, the result is a system that can't meet the demands of federal regulations such as the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley (GLB) Act in the U.S. or satisfy global measures such as Basel II/Solvency II capital-adequacy requirements and privacy regulations such as PCI, PIPEDA, CA SB 1386 and the EU Data Directive.
This paper describes a new roles-based model of access governance that overcomes the challenges companies have faced in the past and enables financial organizations to:
Deploy a policy-based approach to roles management that meets compliance requirements
Gain full visibility into role relevancy and effectiveness
Achieve sustainable, comprehensive role lifecycle management