The GDPR (EU data protection regulation), which is soon to enter into force raises concerns at the HR departments of many organizations: How to ensure that the employees’ personal data is safe? Why an HR should think about data security? Is there anything IAM could help HR with? Why an HR would need IAM solutions and what are the benefits of it? These are the questions that HR professionals are thinking about.
HR possesses a huge amount of highly confidential data, like data on wages, health data or other sensitive employee data which must be secured to keep it from falling into the wrong hands from cloud services or servers. A company may also face legal problems if important HR information is lost or if it’s misused.
This highlights the fact that when we are talking about securing private, HR linked information, it’s best to include also IT. Data security is the most important area on which IT and HR departments should cooperate. Therefore, IT and HR activities are becoming “best friends” in organizations and they are starting to speak same language and use centralized systems.
In this blog I want to underline some aspects in which IAM (Identity Access Management) can help a company’s HR (Human Resources).
Aspects in which Identity Access Management can help HR:
- better data security
- effective functioning of automation and self-service
- compliance with rules and regulations
Entry of a new employee
When a new employee entries into the organization, do you know where he or she needs access to? What level access he or she needs? What about external workers, how are they handled? Are there other fixed-term employees who work for the company perhaps only for few months?
When HR processes are linked to Identity Access Management processes, user management functions smoothly. Access rights are linked to employee data and their changes. An employee gets correct user rights based on the user data of the HR system, and the IAM system can set up accurate user roles.
From the employee’s point of view, it is important that he or she gets all the required access rights immediately when he or she entries into the organization and can start working effectively without a long waiting period. The superior can request the required user rights for the new employee in advance, and the employee feels welcomed. The employee can be productive starting from the very first day!
When an employee decides to leave the company, is the HR capable to remove user rights without delay? Does HR know where the user has access rights and how they are all removed at one time?
Without any kind of centralized identity management, the situation can be very frustrating: it’s not clear, where the users have access to, who manages this and are their user rights still active.
There are different kinds of external standards and regulations like GDPR. These regulations instruct organizations provides guidance to organizations on what should be taken into account in the Identity Access Management. In companies, there are also audits, in connection with which the organizations have to report, what kind of user rights their users have in the system.
Is it clear that the users don’t have dangerous combined roles? An integral part of Identity Access Management (IAM) is the ability to report, who has rights to do what and in which services. Ultimately, it is critical to know who can do what, where and when.
I am senior product manager @Efecte responsible of Efecte Identity Management.