Operational Excellence Meets Sarbanes-Oxley

At a glance

Sector:
Healthcare

---

Region:
United States

---

Challenge:
Designing a solution that centralizes the management of dozens of applications and thousands of user accounts and permissions, and also meets Sarbanes-Oxley (SOX) compliance requirements.

---

Products and services:
SailPoint IdentityIQ

---

Results:

• Custom solution that scales for an environment with over 100,000 identities
• Achieving the company’s SOX compliance goals
• Established documented, repeatable build and deployment processes
• The new solution enables the IAM team to make long-term positive contributions to the business, such as shorter time-to-value and enhanced user experience

Overview

In order to be SOX compliant, our client needed to onboard a range of applications into their existing SailPoint IdentityIQ implementation. With a lack of internal resources, they looked to their trusted partner, iC Consult, who had already been updating and reconfiguring SailPoint for twelve months. a sustainable foundation for future acquisitions and innovations.

iC Consult’s team of SailPoint Architects and Identity and Access Management (IAM) experts devised a systematic process that allowed the IAM team to work on multiple applications at one time. The improved process enabled our client to not only achieve their SOX compliance goal but, more importantly, to have zero findings during their SOX audit for applications managed by the iC Consult team. IC Consult implemented standards and processes that will save millions of dollars in audit penalties and operational costs.

Challenge

Our client was a fast-growing company, expanding their IT assets quickly through multiple acquisitions. The influx of new applications and advanced capabilities enabled them to revolutionize the U.S. healthcare system. While the rapid growth fueled opportunity, they were faced with a significant challenge. To support the newly acquired assets, they needed to build out an Identity and Access Management (IAM) program that would allow them to have visibility into their systems and establish controls that could grant and remove access at scale. In addition, the company was preparing for an Initial Public Offering (IPO), which required them to meet Sarbanes-Oxley (SOX) compliance requirements needed to establish and verify public trust.

The company needed to bring dozens of applications and thousands of user accounts and permissions under centralized management that would allow their organization to certify and provision user access, manage user lifecycles, and enforce business policies. They also needed to be able to report this activity to auditors reliably and consistently.

With a complex environment that handles billions of sensitive healthcare transactions each year, along with their IPO in front of them, time was of the essence. The Identity program needed enhancements to meet the compliance standards of a mature and established healthcare organization. The effort was accelerated by the impending IPO and was getting C-level attention, which made the Identity program a large, high-stakes priority.

Solution

iC Consult reviewed and enhanced the client’s existing SailPoint IdentityIQ code base and established documented, repeatable build and deployment processes using tools like Git and Jenkins. These standards laid the foundation for success in the SOX Readiness Project by shortening the build-to-deploy timeline. Using SailPoint’s best practices, iC Consult integrated 48 applications within 11 months, implemented custom solutions to scale for an environment with over 100,000 identities, and paved the way for further development of our client’s IAM program.

Much of the success of the program was a direct result of identifying and articulating requirements in advance. iC Consult created standardized documentation templates that guided integrations for each step of the process. We worked closely with executive leadership, application teams, and business stakeholders to find pain points, plan solutions, and then implement our designs in a predictable, repeatable way for each integration. This reduced time to deployment throughout the development lifecycle, ensured that standards were followed, and ultimately was a large contributor to the achievement of the company’s SOX compliance goals.

To assist in the design of a reliable and secure approach, we leveraged iC ConsultLABS to run feasibility studies and determine the best strategies for their environment. The resulting solutions enabled our client to efficiently build their program around governance, standards, and repeatable pr

Result

Getting past compliance hurdles ahead of their IPO was significant. However, a greater goal was achieved. Through the standardization of processes, they established a path to success for IAM and are enabling the IAM team to make long-term positive contributions to the business. Good process yields shorter time-to-value, enhances user experience, and establishes proper controls. These positive outcomes highlight the value of the IAM program and ensure continued executive support and funding for the program in the future.