Recertification solution to meet governance and MaRisk requirements

With the support of TIMETOACT GROUP, the IT service provider FI-TS succeeded in raising the quality of authorization recertification to a new level.

As the central IT service provider of the Sparkassen-Finanzgruppe, Finanz Informatik offers the complete IT service - from application development to infrastructure and data center operation to consulting, training and support. It is supported by its subsidiary Finanz Informatik Technologie Service (FI-TS), the largest IT service provider for Landesbanken. Its 1,000 employees work daily in the IT systems of the financial institutions, Finanz Informatik and its own systems - a highly sensitive area in which it must be clearly regulated who has what rights to administer the software in question. The financial institutions serviced by FI-TS are subject to the relevant regulatory requirements, in particular the Minimum Requirements for Risk Management, abbreviated MaRisk, of the German Federal Financial Supervisory Authority (BaFin), compliance with which is also regularly monitored by the authorities. The financial institutions are obliged to pass on these regulations to their subcontractors, so FI-TS must provide all services, including access to software, in compliance with supervisory law.

Access permissions are not cut in stone. In fact, they need to be reviewed regularly as governance requirements become more stringent.

Christian Rothlauf, BRM Planung & Beratung, Finanz Informatik Technologie Service

For several years, a dedicated Identity Access Governance (IAG) software has been used for internal authorization management. "However, access authorizations are not set in stone", knows Christian Rothlauf: "Rather, they have to be checked regularly in the course of increasingly strict governance requirements". For this reason, a so-called recertification takes place. It ensures that every user of the IT systems holds, at any given time, only those authorizations in these systems that are necessary for the performance of his or her tasks, applying the need-to-know principle. The managers check, for each of the employees assigned to them, which authorizations they may retain and which are to be withdrawn. Roles in which several rights are bundled are also recertified: it must be checked that each role contains the correct rights at all times.

Recertification via Excel unclear and error-prone

Site Haar near Munich ©FI-TS

FI-TS carries out such recertifications every six months. To do this, it uses the Nexis Controle software, implemented by its project partner, the IAG (Identity & Access Governance) business unit of TIMETOACT Software & Consulting GmbH. This software replaced the previous Excel-based approach and was tailored to today's business requirements. Previously, it was not necessarily ensured that the managers or those responsible for rights actually saw all rights in the course of their confirmation. Governance guidelines, however, require technical proof that the manager has viewed the entire spreadsheet, down to the last row of the table. Another disadvantage of Excel-based work: not all user types were fully recertified. A distinction is made between personal and technical users and between different classes. MaRisk demands completeness here: all authorizations must be checked.

Comprehensive recertification: Exclusive and twin roles and users without an account

With its new recertification software, FI-TS can meet the requirements described above. Among other things, it also enables recertification of exclusive roles, as FI-TS's IAG system does. Such roles are used to control attributes of employees. Users who have no accounts can also be recertified.

For temporary activation of rights, FI-TS uses the HPU (highly privileged user) procedure. This involves applying for a specific authorization role as normal, but initially no rights are associated with it. These rights can then be activated via a separate workflow and the user is assigned a so-called twin role. The new recertification solution is also able to map this special rights constellation. Architecturally designed as a web application, it works with a universally applicable data model. This model maps the entities of a normal IAG system.

Nexis Controle links third-party systems with IAG software

The data from the IAG solution (Garancy IAM from Beta Systems Software AG), which contains all roles and users, responsible persons and organizational structures, can thus be transferred easily to the recertification solution. The data are exported nightly and can be adapted, aggregated or filtered again at the interface. In this way, the construct with twin roles and HPU rights is mapped elegantly. FI-TS systems that do not communicate with the IAG software also deliver data on all of their accounts and authorizations to the certification solution, which links them to the IAG data and thus finds the responsible manager. TIMETOACT created the integrative connection between the individual systems for FI-TS.

The software requires almost no programming, but gets by with pure configuration in the interface and the "clicking together" of settings. This allows granular control of what is to be recertified and displayed.

Christian Höfs, Project Lead, FI-TS

Even during the first recertification, it became clear how FI-TS meets the MaRisk requirement of completeness: in the new system, the manager only ever sees a certain section of the screen, makes a decision for the objects displayed there and must then click onward. This ensures that a decision is actively made for each employee and each of his or her rights and roles. Thanks to the flexibility of the manufacturer Nexis Controle, the TIMETOACT team was able to implement the customer's current requirements very quickly and make new features ready for standard use within a few weeks. Project manager Christian Höfs: "The software requires virtually no programming, but gets by with pure configuration in the user interface and clicking together settings. This allows granular control of what is to be recertified and displayed".
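An added example, not code from the FI-TS project or from Nexis Controle, modelling the three mechanisms described above: an activated HPU role is recertified together with its twin role, accounts from a system outside the IAG are linked to their responsible manager through the IAG export, and the campaign refuses to close while any right lacks an explicit decision (the MaRisk completeness requirement). All sample data, field names and the "/twin" suffix are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    user: str
    right: str        # role, twin role, or raw permission from a non-IAG system
    source: str       # "iag" or the name of a system that does not talk to the IAG
    manager: str      # responsible manager, resolved from the IAG org structure

# Constructed sample data: nightly IAG export plus one system outside the IAG.
IAG_EXPORT = [
    {"user": "u100", "role": "DB-Admin", "manager": "m1"},
    {"user": "u100", "role": "HPU-Firewall", "manager": "m1", "hpu_active": True},
    {"user": "svc_batch", "role": "Batch-Operator", "manager": "m2"},
]
IAG_MANAGER = {"u100": "m1", "u101": "m1", "svc_batch": "m2"}   # org structure
NON_IAG_ACCOUNTS = [{"system": "legacy-host", "account": "u101", "permission": "FULL"}]

def build_items(iag_rows, managers, external):
    """One campaign item per right; an activated HPU role also yields its twin role."""
    items = []
    for r in iag_rows:
        items.append(Item(r["user"], r["role"], "iag", r["manager"]))
        if r.get("hpu_active"):
            items.append(Item(r["user"], r["role"] + "/twin", "iag", r["manager"]))
    for a in external:
        mgr = managers.get(a["account"])   # link the foreign account to the IAG
        if mgr is None:
            raise ValueError(f"no manager in IAG for {a['account']} on {a['system']}")
        items.append(Item(a["account"], a["permission"], a["system"], mgr))
    return items

class Campaign:
    def __init__(self, items):
        self.items = items
        self.decisions = {}   # Item -> True (keep) / False (revoke)
    def pending(self, manager):
        """What the manager still has to decide; shown section by section in the UI."""
        return [i for i in self.items if i.manager == manager and i not in self.decisions]
    def decide(self, manager, item, keep):
        if item.manager != manager:
            raise PermissionError("only the responsible manager may decide")
        self.decisions[item] = keep
    def close(self):
        """Completeness: refuse to close while any right lacks an explicit decision."""
        missing = [i for i in self.items if i not in self.decisions]
        if missing:
            raise RuntimeError(f"{len(missing)} undecided right(s), e.g. {missing[0]}")
        return sorted((i.user, i.right) for i, keep in self.decisions.items() if not keep)
```

`close()` returns the revoke list that would be handed back to the IAG system; a manager who skips an item, or one who is not responsible for it, is rejected rather than silently counted as confirmed.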

Another step by FI-TS towards meeting BaFin requirements in authorization management

  • With the implementation of Nexis Controle for recertification by TIMETOACT GROUP's IAG team, FI-TS is compliant with industry regulations when it comes to authorization management.

  • Completeness thanks to a two-tier role model with specialist and component roles.

  • Continuous updating of recertification through permanent comparison with the IAG software instead of working on a key-date basis.

  • Better overview when checking user rights and roles increases overall recertification quality.

  • Potential for further use of the recertification software for role modeling.

Used technologies:

FI-TS is an innovative IT partner for companies in the finance and insurance sectors.
