MetricStream, a governance, risk, and compliance solutions provider, and CrossIdeas, a provider of identity and access governance solutions to large multinational companies, has announced a new integrated solution that helps organizations enhance the effectiveness of GRC programs using Segregation of Duties (SoD) controls.
MetricStream Solution's integration with CrossIdeas ensures companies have robust internal controls to realize their business objectives while managing their risk exposures to financial, operational and reputational losses. The integrated solution helps organizations:
- Minimize conflict of interests and human errors in business processes
- Improve visibility and enforcement for policies across the enterprise
Promote management accountability for user authorizations
Incorporate continuous controls monitoring
- Reduce risk of frauds; and
- Improve cost efficiency and time for compliance.
CrossIdeas Identity & Access Governance suite (IDEAS) offers native support for modeling SoD conflicts with an innovative activity-based approach, which allows organizations to:
- Define conflicting business activities;
- Manage policies;
- Identify all possible combinations where conflicts of interest and incidents of unauthorized access are likely to occur
- Assign permissions to users based on these combinations; and
- Warn managers wherever conflicts arise.
In case of incidents, immediate remedial action is initiated by assigning investigative responsibilities to the appropriate personnel. Automatic email alerts ensure that action plans are carried out to closure.
MetricStream GRC Solution collaborates with CrossIdeas IDEAS to automatically import data from the various infrastructural elements, as well as incidents including SoD conflicts, policy non-compliance, associated risks and other related user identity and access governance information in real-time. The collaboration between the two solutions allows automatic activation of necessary workflows and tasks within MetricStream GRC Solution. This provides advanced capabilities that ensure that proper risk and compliance assessments are conducted, controls and action plans are created and remediation tasks are executed.