Identity Gets Smart

SailPoint CEO Interviewed for StartUp City

Mark McClain, CEO & Founder opens up to InformationWeek about identity governance. Watch the video »

Identity Governance Buyer's Guide

Identity Governance Buyer's GuideContains tools to help you identify your priorities, conduct side-by-side product analysis and find a solution that suits your needs. Download the Guide »

Streamline Compliance

Streamline ComplianceLearn how SailPoint makes compliance more effective and sustainable.

Download the Compliance Manager data sheet »

Deliver Convenient Access

Access Request Manager Data SheetLearn how SailPoint delivers access in a policy-controlled environment.

Download the Access Request Manager
data sheet »

Get the Big Picture

Get the Big PictureSee exactly how SailPoint IdentityIQ works.

Download the SailPoint IdentityIQ brochure »

Align Access with Business

Align Access with BusinessLearn how SailPoint strengthens identity governance.

Download the Role Manager data sheet »

Apply Best Practices

Apply Best PracticesLearn how to plan ahead for successful role management.

Download the White Paper: Practical Role Management »

Manage Identity Data

Manage Identity DataLearn how to improve visibility and transparency.

Download the Identity Intelligence data sheet »

Manage Compliance

Manage ComplianceLearn how Identity Governance helps meet compliance requirements.

Download the white paper »

Succeed with SailPoint

Don't take our word for it, see what others are saying.

Stay Connected

Subscribe to our quarterly newsletter.

Subscribe »


Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider"

Listen »  |  Subscribe »

Media Contacts

Kari Hanson
pr@sailpoint.com
phone: 978-373-4003


Michelle Dillon
Beaupre & Co. Public Relations
mdillon@beaupre.com
phone: 603-559-5835

Choose Wisely

SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying.

Subscribe

SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management.

Listen »

CONTACT US

Hours
8:00AM - 6:00PM CST
Monday through Friday excluding holidays

Email
support@sailpoint.com

Phone
(888) 4SAILPT
(888) 472-4578

Schedule a Demo

Schedule a DemoSee IdentityIQ in action, request a one-on-one demo today.

"By using roles to request, approve and certify user access privileges, BNSF will be able to simplify its user administration and compliance processes. SailPoint IdentityIQ will allow us to enforce and verify role-based access across our critical enterprise applications using a streamlined, automated approach."

Bart Boudreaux, Director, Technology Services, BNSF Railway

"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business."

Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings

"Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk."

Kevin Cunningham, Co-Founder and President, SailPoint
Bookmark and Share

Five Ways to More Effectively Address Compliance

Implementing the right compliance strategy enables organizations to manage compliance as a sustainable ongoing process rather than a one-time event. The following guidelines can help organizations to achieve operational efficiency and more effectively manage business risk without burdening the business with excessive costs.

  1. Maintain a Cross-Regulatory Scope

    Instead of developing policies and controls to address each regulation separately, organizations should create a matrix of common regulatory requirements that can then be used to establish a broader set of controls, policies and processes. There are a number of resources available for helping organizations chart a practical course to meet privacy protection mandates and management oversight requirements, such as the International Standards Organization (ISO) 17799 or the IT Governance Institute’s COBIT compliance guidelines.

    By following the guidelines of a set of related compliance requirements, organizations can define a common policy set and IT controls designed to meet multiple governance and compliance requirements.

  2. Take a Risk-based Approach

    In the United States, the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC) have endorsed a tops-down, risk-based approach as the way to increase the efficiency and effectiveness of complying with Sarbanes-Oxley. Taking a risk-based approach to compliance and governance allows organizations to prioritize and limit the focus of internal controls and audits, and as such, is a key way to reduce compliance costs and the burden on IT staff. More importantly, by assessing and measuring risk over time, they can demonstrate that identity controls are working and effectively reducing corporate exposure and liability.

  3. Automate Controls and Policy Enforcement

    Taking an automated approach to compliance saves significant time and money by building predictability and repeatability into compliance tasks and workflows. Replacing manual methods of collecting and verifying information with automated data collection can also reduce errors, improving management’s confidence in measured results. By speeding the time required to complete tasks such as monitoring and testing, automation enables organizations to respond more rapidly to control weaknesses and detected violations.

    Automating the process of remediating violations and applying compensating controls can likewise reduce manpower requirements and improve compliance results. Most importantly, building an automated approach to compliance gives organizations a scalable and sustainable process for effectively responding to compliance requirements now and in the future.

  4. Get 360-degree Visibility

    Organizations need a complete, enterprise-wide view of compliance, so they can effectively analyze risk, make informed decisions, and implement appropriate controls to satisfy multiple regulatory mandates. A centralized view enables better management decision-making, fosters transparency, and more effectively meets the reporting requirements of auditors and compliance staff.

    In addition, centralization allows organizations to minimize redundant efforts and to streamline compliance processes across departments and business units.

  5. Facilitate Business and IT Collaboration

    To ensure the success of compliance initiatives, organizations must get the right people involved in the process. Collaboration is required across both business and technical stakeholders. Effective management of compliance requires substantial knowledge about the organization and its business processes; financial, legal, and corporate policies; and systems and application security.

    Organizations should proactively address collaboration issues to eliminate the blind spots, redundant activities, and reactive decision-making caused by departmental silos. By implementing tools and processes that break down the barriers between business, IT and compliance and audit groups, they can facilitate proactive communication and collaboration.

SailPoint Compliance IQ Streamlines Compliance Efforts and Lowers Costs

Identity risk management from SailPoint provides a structured approach for dealing with the security, data protection, and privacy requirements imposed by government and industry regulations. By offering a framework for a risk-based approach and a process for translating business policy into technical operations, identity risk management can help organizations achieve sustainable compliance and mitigate risk as well as accomplish business goals.

SailPoint Compliance IQ, as the name suggests, offers an intelligent way to address identity compliance needs. The solution combines identity analytics with compliance automation to help organizations be far more efficient by streamlining and automating repetitive identity compliance processes. Its full-featured access certification, role management, policy enforcement, and activity monitoring components provide convenient and comprehensive control. At the same time, Compliance IQ's reporting and forensic analysis capabilities give companies the visibility needed to effectively meet the burden of proof for external and internal auditors.