Continuous Certification

  • Document ID:7011061
  • Creation Date:07-Jul-2010
  • Modified Date:02-Nov-2012
    • Micro Focus Products:
      Access Governance

Environment

NetIQ Access Governance Suite

Situation

Continuous certifications focus on the frequency with which individual items (roles, entitlements, violations) contained within identity-type certifications need to be certified and not on the frequency with which the entire certification needs to be performed. For example, an identity might be assigned accounts on three different applications at different times during their employment within your enterprise. Each of those accounts might require certification on a quarterly basis. Continuous certification tracks each of those accounts individually and generates a certification required notice for each item as its specific certification becomes due. This differs from periodic certifications in that periodic certifications focus on the frequency with which the entire certification must be performed and not on the frequency with which the components from which it is comprised need to be certified.

Continuous certifications do not use the sign off method to track the state of the components with which they are comprised. Continuous certifications track the status of each item using certification reports and tasks. Each item in a continuous certification progresses through three stages:

  1. certified
  2. certification required
  3. certification overdue

When an item enters the "certification required" stage, a notification is sent to the certifier, and a work item is sent to their inbox. The duration of each stage, and the notifications and escalations associated with each, are defined when the certification is scheduled.

The information within continuous certifications is updated on a regular basis using the Refresh Continuous Certifications task. This ensures that when anything associated with the certification changes the certification information is updated. For example, if an employee leaves the company and they are marked as inactive, the Refresh Continuous Certifications task will remove them from the certification. In the same way, if an identity is assigned a new role the task will add that role to the continuous certification. Items are added to a continuous certification by the Refresh Continuous Certification task in the certification required state to ensure that they are certified immediately.