Access Governance as a Multiyear and Multidimensional Program
- Access Governance: Why is it so difficult?
- There is no easy way out!
- Does Access Governance have a business case?
- It’s a multi-dimensional challenge, so many stakeholders need to contribute (e.g. HR, IT, Business, Legal, Data protection)
- How to define priorities?
- Strong program governance is key
Access Governance & Intelligence at Deutsche Bank AG
Following the worldwide financial crisis, all financial institutions are facing increasing regulatory requirements globally. A major focus is on evidence that a consistent approach to the “Segregation of Duties” (SoD) principle has been implemented.
A key challenge is not only to achieve this within a specific application or organizational unit, but to continuously check and monitor the implementation across applications, business processes or entire departments in a complex, heterogeneous and global environment. Typical examples are the segregation of Front and Back Office or Development and Production.
To address this problem, Deutsche Bank launched the “Global SoD Program” in January 2012, involving all divisions and functions in designing and implementing SoD rules to cover all relevant scenarios. These rules are executed automatically, detecting any SoD conflict or critical access right within the applications in scope. The designated SoD Managers are tasked with resolving these non-compliances by either revoking access or granting temporary exceptions, e.g. if such a critical access right combination is required for a handover period. Caroline Pfeil will describe the highlights of this project, which was finished in 2012.