Evidian announces an identity and access management service package based on its products to help its customers comply with Sarbanes-Oxley.

The Sarbanes-Oxley law requires safeguarding the integrity of financial reporting. As a result, the companies concerned must prove to their auditors that their control procedures are working correctly. Unfortunately, identity and access management procedures are often difficult to document, because the relevant information must be consulted application by application.

Evidian therefore makes it possible to implement personalized audit reports with its identity-and-access-management and enterprise-SSO solutions.

The first part of this offer provides consulting services that recommend the right solutions, and helps customers meet the control objectives of their security policy. The resulting detailed report description is structured around risks / control objectives / activities and evidence. Finally, Evidian delivers a report specifying the target report templates in compliance with auditor requirements.

A second part concerns the actual implementation of reporting based on the templates specified in the first part. The reports and indicators are integrated with existing tools. Evidian can also assist its customers during an audit, in case of questions pertaining to the interpretation of reports. Moreover, it offers regular follow-up services, to accompany its customers in their security-policy changes.

Customers can thus demonstrate to auditors that their user-identity and application-access management policy is effectively implemented with Evidian’s solution. Thanks to these reports and indicators, controls can also be monitored internally on a regular basis.

To this end, reports can document the status of authorizations at any given moment, application access information (number, origin, etc.), fraudulent authentication attempts, unused application accounts, or even authorization-management operations.

As relevant security-policy indicators can be generated from a central location, the general management can regularly assess the effectiveness of measures taken as a result of Sarbanes-Oxley. Furthermore, the Evidian offer enables a company to immediately implement any security policy measure adopted after a procedural audit.

Embratel, a major telecommunication company in Latin America, has recently finished automating report production using the Evidian solution. Information is generated and then integrated into the general report storage and production circuit used for Sarbanes-Oxley compliance. As a result, identity and access management is now integrated into the global organizational and financial audit approach.