Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Patrick Foley

RBAC For More

on the committee ensures that the rules can be translated into controls for homegrown systems and requirements for vendor-supplied products.

The data consumers document which of their users need what access, the producers determine whether those requests meet a “business need to know,” and the risk folks decide whether any regulatory, legal or control issues exist in any request and can apply additional oversight to the riskiest roles. By defining these rules of engagement and documenting them, the committee does not need to approve individual access requests, only exception requests for sensitive access, a task that can be handled through basic workflow or collaboration tools. These exception requests can also be monitored for patterns that suggest some roles may need revision. The additional benefit of this collaborative approach is that the control environment is clearly documented, which should result in less painful audits – a situation we would all enjoy…
