Do you know who your users are?
Account provisioning at your credit union.
The user provisioning process is an integral part of your credit union’s security. It can often be considered an IT problem, but it is an area that affects the security and operation of the entire credit union. User provisioning encompasses not only account creation at hire but also includes the entire lifecycle management of user accounts. A strong user provisioning program addresses account creation at hire, modifications during role changes, account removal, and periodic auditing of accounts.
Account provisioning should be based on the principle of least privilege; granting only those privileges and access that an employee needs to accomplish their work and no more. At a minimum, a good account provisioning program should include the following elements.
- Well defined user request forms that make it easy for managers to request required access that clearly translates to the roles that IT will assign the users to in the credit union’s systems.
- An established process for reviewing all permissions assigned to a user when roles change. This will ensure that permission creep does not take place and grant the employee more access than they need.
- Review of all privileged administrative accounts monthly to ensure that the account is still valid, and the employee still requires those positions.
- Review of all user accounts at least annually and compare against the current roster of employees.
- A well-defined process to ensure that all user access is revoked across all systems at employee termination.
- Management oversight and auditing of the program.
These practices apply whether a credit union runs information systems in house or outsources to a hosting provider or the cloud. A strong user provisioning program can increase the security posture of your credit union.