The first situation I would like to discuss involves a medium-sized financial institution located in the northeast. When they approached us, they were in need of a web-based system for group management compliance auditing. Every 90 days, they required managers to sign off a paper report indicating the members of distribution and security groups they managed were accurate. Obviously, the shortfalls were many. When the paper was returned, IT admins need to go into Active Directory and make edits as required. Other times managers simply ignored the paper work leaving potential security breaches.
After a thorough analysis of the requirements, we presented a solution that delivered what the client was looking for and also provided suggestions on how to expand the use of the product. A decision to move ahead was made by the client and we set about delivering a proof of concept, at no risk, to prove the capabilities.
In the end, the client was satisfied with the proof of concept and purchased the solution. Basically, the end result provided the following:
For Managers
- Automated email notification to managers that a review of their groups was pending.
- A website to allow managers to view all of their groups and the members thereof.
- The ability to add / remove individuals from each group as appropriate.
- The ability to electronically sign off on the accuracy.
- Consolidated reporting on who has/ has not verified the groups
- Automatic escalation procedure when a review has not occurred within a defined timeframe. (15, 30 and 60 days)
- A portal to provide easy modification of group ownership when a manger departed.
- Ability to maintain white lists of groups that should never need verification.
- An easy method to view what groups they belong to.
- Ability to request membership in other groups (requires managerial / IT approval)
