
AUTOMATED SOX-COMPLIANT ACCESS MANAGEMENT
OVERVIEW
A high-tech company needed to comply with Sarbanes-Oxley (SOX) access controls due to their storage of sensitive financial data. With a large number of users, profiles, and permission sets in their system, they lacked a reliable way to ensure users had appropriate access levels. They also needed an automated process to regularly review and validate user access privileges. Additionally, they sought a more accurate method to forecast product license costs.
THE CHALLENGE
Our client understood the critical need to secure and ensure compliance within their organization’s complex Salesforce data model, which included thousands of users. However, they lacked a structured process to manage this effectively and demonstrate compliance.
TECHNOLOGIES & SERVICES
Salesforce
Apex code
AWS
GitHub
OUR SOLUTION
To ensure accountability and proper approvals for user access, we enhanced the client's access management process using Salesforce. We set up reports to track user creation and monitor assigned permissions, enabling audits of user licenses and providing transparency into what data users have access to.
Additionally, we developed custom Apex code that automatically deactivates users after a specified period of inactivity, helping maintain a secure environment by reducing the risk of unauthorized access.
To ensure SOX compliance with each deployment, we leveraged Salesforce change set history and GitHub to track all system changes. We also created a business process to enforce proper documentation, testing, and approval before any deployment, guaranteeing the integrity and stability of the system.