Access Recertification


The following case study describes the key components of our recertification approach and the benefits it has delivered for one of our clients.

This client is a major mutual life and pensions company which asked i-confidential to provide it with a quick-to-deploy, automated recertification process.


Recertification validates that people have the appropriate permissions to access the organisation’s data. Our approach uses our own simple recertification tool, which is designed to be deployed quickly and to deliver a tailored, repeatable process. It aggregates and centralises data into a clear business format that makes it easy for line managers to carry out their recertification tasks.

To rapidly identify any inappropriate access due to the lack of a defined and embedded IAM framework, we proposed that the client take advantage of our agile and effective access recertification approach. As well as enabling inappropriate access to be remediated quickly for the critical financial systems in Phase 1, this provided the client with a cost-effective and robust recertification control.

Prior to the recertification review, i-confidential worked with the client to ready business units and data. i-confidential rapidly loaded user access lists for 140 applications into its automated recertification tool. The data was cleansed and sent out to 500 line managers to review in a user-friendly format. Following the conclusion of each recertification cycle, i-confidential produced a revocations list to allow the organisation to remove any access deemed inappropriate.




140 applications reviewed

500 line managers contacted

35,000 user entitlements reviewed

We covered 95% of all applications, and ensured 500 line managers reviewed c. 30,000 user entitlements. The i-confidential recertification service enhanced operational efficiency and provisioning of users by conducting accurate and consistent reviews in a timely and automated fashion. Removing inappropriate and redundant user access rights resulted in a reduced information security risk throughout the organisation.