Viafintech easily stays compliant with AccessOwl
About
Viafintech digitally connects retailers, corporations and consumers through its platform.
Industry
FinTech
Employees
90
Joiners/Leavers per month
~6
Founded
2011
Challenge
Too much time was spent on documentation and communicating between different stakeholders to on- and offboard employees.
Outcome
Tasks are automatically triggered with a single click. The need for communication between stakeholders has been eliminated and documentation automated.
Background
Viafintech is obligated to comply with different certifications and standards. One of them is ISAE3402, or better known as SOC1. Other relevant standards are BAIT and VAIT which are regulating IT security in the financial sector in Germany.As part of these certifications viafintech is required to have a Single-Source-of-Truth of all granted user accesses and a formal approval process. An integral part of the internal access management is the yearly audit in which an auditor will review existing processes.
To comply with the regulations viafintech started by creating paper documents for every access request. For each request it had to go through the hands of different stakeholders - from requestee to line manager and finally to the IT department. While being completely compliant with the SOC1 regulations this process caused lots of manual work. “With COVID and the start of our work from home policy the old process simply didn't work anymore” said Martin Seener (Senior Director of IT Administration). “We looked at different tools but all required us to change our internal processes significantly. AccessOwl, on the other hand, allowed us to keep our existing processes and use the tool for our yearly audits”.
Solution
Viafintech is using AccessOwl to automate the documentation of every single access. Additionally all manual access requests and approval workflows have been fully digitized and are accessible right in Slack. Not a single piece of paper is used, while still being fully compliant. “In the past we had to print a paper, fill it out, rephrase it, bring it to the line manager, explain it, sign it and so on. Nowadays the same process takes less than a minute and works with the click of a button.” says Martin Seener. In the past there have been cases with former employees still having accounts for tools long after they left the company.
AccessOwl reduced these cases to zero. Thanks to the great usability there are no more questions from line managers or employees on how to get access and do approvals since we introduced AccessOwl.
Ready to automate your access management?