The goals for User Guardian are based on the audit research and interview regarding the audit process. These goals will provide terms of reference to construct a scope for the User Guardian project.
The User Guardian goals are as follows:
- Must satisfy audit requirements.
- Flexible enough to fit or adapt easily to existing audit processes, and transparent in operation.
- Produce results and evidence to support audit findings and closure of audit points.
- Web-based and easy to implement.
- Secure when retaining company information on user accounts and systems.
- Offer functionality to speed up the process of access rights confirmation with team leads and heads of function.
- Complete an audit within a short period of time, to ensure the audit is effective. This is to prevent business-as-usual activities from radically changing the underlying access control data.
- Stay simple to operate, to avoid lengthy training and labour-intensive operational costs.
- Contain “Bingo Lists” to flag compliance breaches or near compliance breaches where an accumulation of access rights occurs.