Successfully reported this slideshow.

SAS 70 Audit Strict Password Policies


Published on

  • Be the first to comment

  • Be the first to like this

SAS 70 Audit Strict Password Policies

  1. 1. NetWrix Customer Case Study SAS 70 Audit: Strict Password Policies “Once we were notified about our audit, we immediately began searching for a product that would warn users of password expirations. Luckily, we happened upon NetWrix Password Expiration Notifier, and it does exactly what we were lookingCustomer: for.”Large Healthcare Management FirmNumber of Users: 700 Phil Rudich, Information Technology Manager, a Large Healthcare ManagementIndustry: Healthcare FirmSolution: With an extensive cast of clients and employees stationedIdentity Management across the United States, this was one of the nation’s leadingProduct: managed care providers. By specializing in medical casePassword Expiration Notifier management, the firm’s nationwide representatives help businesses, through their insurance companies, get injuredVendor: employees back on their feet and into the workplace as quicklyNetWrix Corporation as possible via individualized injury case management. As aPhone: 888-638-9749Web Site: company that works closely with both businesses and their insurance companies, the IT department was under theCustomer Profile: careful watch of relevant regulatory compliance auditors, andA leading managed care company responsible for making sure that internal policies were up toproviding nationwide services to date with regulatory compliance companies, self- insuredand governmental entities. The Challenge: Transitioning to Strict Password Policies tofirm’s key business is medical casemanagement, helping businesses, Meet SAS 70 Requirementsthrough their insurance companies,get injured workers back on their feet The firm already had a corporate policy in place dealingas quickly as possible by managing specifically with password management and best practices. Onthat injured worker’s case. Nearly paper, their IT department was doing everything necessary to700 nurses across the country make meet the expectations of their regulatory compliance audits.sure those sick and injured workers Unfortunately, policies are only useful when enforced, and theare receiving the right care, correctmedication and therapy, so that they IT department did not have the resources to make sure that theircan get back to work quickly. well-intentioned password policies were actually being put into practice. Copyright © NetWrix Corporation. All rights reserved.
  2. 2. NetWrix Customer CaseCase NetWrix Customer Study Study“We had users that have been with the Expiration Notifier stood out from thecompany nearly 10 years and had always had competition. It took us only a month to decidethe same network password,” said Rudich. about purchasing the full version and we“We were preparing for an SAS 70, which immediately implemented the solution.”required us to fortify our network complex NetWrix Password Expiration Notifier is thepassword requirements. At the same time, we aptly-named NetWrix solution that enableshad nearly 700 users across the country that strict password policies by scanning specifiedwere part of our Active Directory domain and Active Directory domains or Organizationalneeded access to our network resources and Units for users whose passwords aree-mail. There wasn’t any easy way for us to nearing expiration, and notifying themnotify our remote users of their impending via customizable automated e-mails whenpasswords from being expired, but we needed it’s time to make a password change. Theto start enforcing regular password changes.” tool also sends summary reports to systemIn order to administer the password administrators by e-mail. Armed with thismanagement policies necessary to pass tool, IT management can proactively resolvethe impending compliance audit, the IT password expiration issues for end-users anddepartment needed a solution that would notify service accounts before they occur.both internal and mobile users (who never saw “NetWrix Password Expiration Notifierthe standard Windows notification at login) of allowed us to modify the end-user e-maillooming password expirations. templates,” said Rudich. “This gave us theSolution: Automated Password Expiration edge to not only inform our users through anNotifications e-mail that their password was about to expire, but we were also able instruct our users onThat’s when the IT staff found NetWrix the process of how to change their passwordPassword Expiration Notifier. correctly and what those parameters where.“We looked into using some scripts that were The application also allowed us to run a dailynative to Windows’ OS, but they were not report on those users about to expire and trackvery easy to use and they didn’t give us the their progress. The extremely easy-to-usereporting we required,” said Rudich. “Luckily, interface was also a main selling point.”we found a website that listed several vendors Rudich and his team also noted the benefits ofwith password management products that working with NetWrix’s knowledgeable salesdid what we were looking for. We demoed and support team.about three of them, but NetWrix Password “The sales team was very patient with all of Copyright © NetWrix Corporation. All rights reserved.
  3. 3. NetWrix Customer Case NetWrix Customer Case Study Studyour questions and responded in a timely “Before implementing NetWrix Passwordmatter with answers and a customized Expiration Notifier, there was no easyquote,” added Rudich. “The technical way for us to notify our end-users of theirteam has been top-notch for all our issues, approaching password expiration,” saidcorresponding over e-mail and phone Rudich. “About 80% of our help desksupport.” calls were associated with password and login issues. Since we’ve integrated thisProven Result: Password Expiration application into our environment, thoseNotifications Allows Enforcement of calls have dropped significantly. TheStrict Password Policies Necessary to program also allows us to easily run aPass their Compliance Audit report to determine those users who haven’tWith an audit looming over an IT changed their passwords and/or haven’tdepartment that was struggling to enforce logged into our network in some time. Thispassword management policies, the need solution works extremely well for my ITfor a solution that would enable them staff and end-user support.”to put their policies to action without About NetWrix Corporationhindering productivity from the manymobile users not connected to the Active Established in 2006, NetWrixDirectory Domain was more clear than Corporation provides innovative andever. NetWrix Password Expiration cost-effective solutions that simplify andNotifier provides administrators with automate the management of Windowsan automated solution that proactively networks. With in-depth knowledgeprevents password expirations among and experience managing Windowsinternal and mobile employees, preventing environments of all sizes, the companypassword expirations that might otherwise delivers solutions to meet complicatedhalt productivity and frustrate users. As a business requirements while fulfillingresult, the healthcare services agency has the best expectations of IT professionals.effectively implemented the passwordmanagement practices necessary to passall regulatory audits and also reduced helpdesk costs. Copyright © NetWrix Corporation. All rights reserved.