Compliance

Compliance architecture lets you achieve regulatory and policy compliance in the most cost-effective way possible.

Businesses must comply with an ever-increasing number of regulatory and legislative requirements that affect all levels of the organization. Enterprises need to apply effective controls that meet compliance requirements. Our Compliance practice can help your enterprise to roll out an identity and access management (IAM) solution architected to ensure that access to sensitive systems and data can be controlled and audited.

Fundamental to our Compliance practice’s approach is the concept of a compliance architecture. The concept proceeds from an understanding that a given enterprise is typically subject to multiple sets of overlapping regulations that together form an overall set of compliance requirements. For example, a US regional financial services corporation might find itself needing to address compliance requirements derived from Sarbanes-Oxley, Gramm-Leach-Bliley, USA Patriot Act, various state privacy laws and many others within the context of its IAM infrastructure. In addition, an enterprise may have internally adopted a compliance framework such as CobiT or SAS 70 that will shape IAM requirements. Finally, the enterprise will have its own set of internal information security and audit policies that create requirements to be fulfilled by IAM.

Addressing these various requirements incrementally over time in the enterprise’s IAM services can lead to an increasingly inefficient patchwork of compliance-related solutions that creates unnecessary costs for operations and maintenance. A better approach is to develop a compliance architecture that distills the superset of IAM-relevant regulations and directives affecting an enterprise into a more concise and transparent set of requirements. These can be mapped to an IAM solution set, consisting of technology tools and business processes, that verifiably fulfills the relevant compliance requirements. A program to implement the necessary IAM solution set can then be formulated on the basis of the compliance architecture. That program might roll out an entirely new IAM solution set if there is none in place, or if the existing solution is considered obsolete. If a satisfactory but only partial solution is already in place, the program would cover integration of additional solution components to enhance or complete the existing IAM solution set.

The aurionPro SENA Systems Compliance practice can provide your enterprise with the consulting support you need to implement a robust compliance architecture, including:

  • Analysis of compliance requirements affecting your company
  • Workshops with key enterprise stakeholders and subject matter experts to develop and communicate the compliance architecture
  • Design of technical IAM infrastructure that will underlie the compliance architecture
  • Business process analysis and (re-)design for IAM services
  • Roadmap planning and program management for rolling out new or enhanced IAM infrastructure and services
