Jonathon Sells wrote:
After discussing with my GRC team, the limiting of a single open request per system would not be effective in our large landscape. They mentioned several unintended consequences with the biggest concern of how long open requests take to fulfill.
Jon,
Why does it take so long for requests to go through your approval process? Not enough role approvers/ lack of backup role approvers? Easily correctable. Role approval required for many roles that are display only/ not really sensitive? Not difficult to remedy. Role approvers sit on the requests too long? Funny thing is, when the managers and requesters start calling up the role approvers and asking them what the heck is taking so long for them to make a decision, role approvers start taking action on requests more timely. What else causes slow processing of requests? We have found that a lot of it is training issues, and most of our multi-system GRC requests are closed and provisioned in 24 hours or less, unless there are SOD exceptions to be mitigated.
Cheers,
Gretchen