Project Objectives
- Investigate current risk and compliance systems on the market
- Research the key drivers for organisations in the use of software compliance tools
- Identify if there is a need for a simple tool that provides compliance reports based on user access data exports
- Analyse the benefits of implementing a simple, low-cost tool versus more complex tools on the market
  Examples of complex tools on the market: IDAM (Identity Access Management) and GRC (Governance, Risk, Compliance).
- Detail problems and requirements for a software compliance tool
- Analyse how information will be collected for the proposed system, with a view to adhering to data protection laws, compliance and IT Security best practice
- Design a prototype tool to test the functionality (Proof of Concept)
- Run as an Agile project with testing and evaluation during each project sprint
- Evaluate the overall system and make recommendations
- Critically evaluate the project, reviewing its success and achievements
- Make suggestions to further enhance the project
Deliverables
The deliverables of my project are:
- Produce a research report into risk and compliance software on the market in order to establish the possible need and scope for a simpler tool. The report will include data collection and analysis of the drivers for compliance tools, requirements gathering and understanding of the problem domain.
- Based on the research report, build a prototype web-based compliance system that can be used to import application user access lists, configure segregation of duties (via an interface) and produce compliance reports.
- Create an evaluation report at the end of the project to review the success and achievements of the project, including suggestions for future enhancements.