3.3 Ensuring Permission Assignments Comply with Your Standards

Compliance is the process of ensuring that an organization conforms to relevant business laws and regulations. One of the key elements of compliance is attestation, which provides a method for organizations to verify that personnel are fully aware of organizational policies and are taking steps to comply with these policies. By requesting that employees or administrators regularly attest to the accuracy of data, management ensures that personnel information such as user profiles, role assignments, and approved separation of duties (SoD) exceptions is up to date and in compliance.

To allow individuals within an organization to verify the accuracy of corporate data, a user makes an attestation request, which initiates one or more workflow processes. The workflow processes give the attesters an opportunity to attest to the correctness of the data. A separate workflow process is initiated for each attester. An attester is assigned a workflow task in the My Tasks list on the Requests & Approvals tab. To complete the workflow process, the attester opens the task, reviews the data, and attests that it is correct or incorrect.

The identity applications support four types of attestation:

  • User profile

  • SoD violations

  • Role assignment

  • User assignment

When an attestation process is initiated, each attester receives an email message indicating that they must complete a compliance task. The message provides a link to the workflow activity that has been assigned to the attester. This behavior is enabled by default, but can be disabled in Designer.

The Compliance Task (Attestation Notification) template determines the content and format of email messages sent to attesters. For more information on this template, see Working with Email Templates.

You must have the Compliance Administrator role to modify compliance settings. For more information, see the description of the Compliance tab in the NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications.

NOTE: For compliance and attestation processes, we recommend using NetIQ Identity Governance (formerly Access Review) instead of the identity applications. Identity Governance enables administrators and managers to easily collect all user and access information in one central location and certify that each user has only the level of access that they need to do their job. Following the principle of least privilege, Access Review helps you ensure that your users have focused access to those applications and resources that they use and cannot access resources that they do not need to access. You can review all permissions assigned to your employees, either individually or as a group, and decide whether those permission assignments are appropriate. For more information, see the NetIQ Identity Access Governance documentation.