The client employs 30,000 professionals including 5,000 temporary staff, supporting its business operations. Like most BPOs, it has wide array of line of business applications and infrastructure systems to support its operation.
The client needs to ensure that it meets various security norms as set by its own customers, in additional to several regulatory requirements. The applicable security standards mandate mitigating access risk by implementing controls for granting access strictly on as-per-need basis. More importantly, the standards require guaranteed removal of unwanted access to prevent access leakage.
Prior to the deployment of the Identity Management system, client’s IT administration team had been using manual procedures for daily operations such as account provisioning, providing accesses, account disablement etc. Additionally, in absence of automated controls, the client’s information risk management team relied on manual reporting using spreadsheets and sample sets. As a result, both maker and checker roles found themselves vulnerable to human errors.
