Unlocking Success: Expert IAM Solutions and Insights from GCA

Save Time with Access Reviews Focused on New Access

Written by Bob Giguere | December 13, 2024

Find the middle ground between compliance regulations and time spent on access reviews.

Current Situation: The HITRUST controls this organization sought to meet dictated that application access rights needed to be reviewed every 90 days for all accounts. With 15 applications in their Phase I HITRUST scope across 80,000+ identities, millions of review decisions were required to be made by managers annually in their SailPoint IdentityIQ Compliance Manager implementation.

Impact: The organization's CIO recognized reviewing this large volume of access every 90 days was eating up manager resource time. He worked with the HITRUST external auditors, and they adjusted their plan to review all new access every 90 days and review all previously reviewed access once per year.

Resolution: To meet this requirement, GCA developed an "Exclusion Rule" in SailPoint IdentityIQ which excluded any previously reviewed access within the last 365 days. 65% of the planned review decisions were eliminated with this rule, saving thousands of hours of effort.