Changing system access requests (SAR) from a manual procedure to an automated process was an essential step in the ongoing evolution of system access security at Affinity Plus Federal Credit Union, St. Paul, Minn.
The $1.28 billion asset credit union won a 2010 CUNA Technology Council Best Practices Award in the Information Security/Privacy Category for its new automated procedure.
Affinity Plus Federal had continually refined its SAR process over the years to address the varied types of staffing and levels of security found within the credit union’s workforce.
|The time required to complete a system access request has been reduced from days to hours, giving IT staff more time to tackle other projects say Affinity Plus FCU’s Keith Malbrue, chief operations officer (left), and Cary Tonne, vice president, information technology.|
The result was a complex process involving the input of multiple employees and teams within the information technology (IT) staff. This manual system was prone to occasional “misses,” which were highlighted during internal and external audits, prompting additional checks and balances.
A comprehensive solution
Lengthy conversations between IT and human resources (HR) set the objectives for a new SAR solution that would:
- Automate the submission process from a centralized source through to completion and back to the submitter with confirmation;
- Provide comprehensive audit tracking and real time updating of the submission’s current status;
- Offer the ability to submit multiple types of requests through a single portal;
- Provide a comprehensive oversight mechanism to notify management and HR if the process isn’t completed in the established timeframe;
- Satisfy audits and regulators’ reviews; and
- Meet regulatory requirements, such as those set by the National Credit Union Administration.
Next: A SAFE process