In most organizations, data about what privileges users have exists solely inside individual systems and applications. This makes it difficult for auditors to answer simple questions, such as:

• Who has this privilege?
• What privileges does this user have?
• When did this user acquire this privilege?
• Who authorized this privilege?

When these questions are hard to answer, they are rarely asked. This weakens internal controls.

• Access Certifier includes an auto-discovery engine which regularly lists user and privilege data from every integrated system.
• The internal Access Certifier database tracks both current and historical privilege data.
• The Hitachi ID Management Suite workflow engine can be used to request and approve changes. This creates are record of who and why, not just what and when.
• Built-in reports can answer questions about privileges, including:
  • Who has this privilege?
  • What privileges does this user have?
  • When did this user acquire this privilege?
  • Who authorized this privilege?
  • What privileges violate SoD policy and have exceptions been approved?

Access Certifier can be used by organizations to more readily audit user privileges, including change history and policy violations.