More Related Content
More from Netwrix Corporation
More from Netwrix Corporation (20)
SAS 70 Audit Strict Password Policies
- 1. NetWrix Customer Case Study
SAS 70 Audit: Strict Password Policies
“Once we were notified about our audit, we immediately began
searching for a product that would warn users of password
expirations. Luckily, we happened upon NetWrix Password
Expiration Notifier, and it does exactly what we were looking
Customer: for.”
Large Healthcare Management Firm
Number of Users: 700 Phil Rudich, Information Technology Manager, a Large Healthcare Management
Industry: Healthcare Firm
Solution: With an extensive cast of clients and employees stationed
Identity Management
across the United States, this was one of the nation’s leading
Product:
managed care providers. By specializing in medical case
Password Expiration Notifier management, the firm’s nationwide representatives help
businesses, through their insurance companies, get injured
Vendor: employees back on their feet and into the workplace as quickly
NetWrix Corporation
as possible via individualized injury case management. As a
Phone: 888-638-9749
Web Site: www.netwrix.com company that works closely with both businesses and their
insurance companies, the IT department was under the
Customer Profile: careful watch of relevant regulatory compliance auditors, and
A leading managed care company responsible for making sure that internal policies were up to
providing nationwide services to
date with regulatory compliance standards.
insurance companies, self- insured
and governmental entities. The
Challenge: Transitioning to Strict Password Policies to
firm’s key business is medical case
management, helping businesses, Meet SAS 70 Requirements
through their insurance companies,
get injured workers back on their feet
The firm already had a corporate policy in place dealing
as quickly as possible by managing specifically with password management and best practices. On
that injured worker’s case. Nearly paper, their IT department was doing everything necessary to
700 nurses across the country make meet the expectations of their regulatory compliance audits.
sure those sick and injured workers Unfortunately, policies are only useful when enforced, and the
are receiving the right care, correct
medication and therapy, so that they
IT department did not have the resources to make sure that their
can get back to work quickly. well-intentioned password policies were actually being put into
practice.
Copyright © NetWrix Corporation. All rights reserved.
- 2. NetWrix Customer CaseCase
NetWrix Customer Study
Study
“We had users that have been with the Expiration Notifier stood out from the
company nearly 10 years and had always had competition. It took us only a month to decide
the same network password,” said Rudich. about purchasing the full version and we
“We were preparing for an SAS 70, which immediately implemented the solution.”
required us to fortify our network complex
NetWrix Password Expiration Notifier is the
password requirements. At the same time, we
aptly-named NetWrix solution that enables
had nearly 700 users across the country that
strict password policies by scanning specified
were part of our Active Directory domain and
Active Directory domains or Organizational
needed access to our network resources and
Units for users whose passwords are
e-mail. There wasn’t any easy way for us to
nearing expiration, and notifying them
notify our remote users of their impending
via customizable automated e-mails when
passwords from being expired, but we needed
it’s time to make a password change. The
to start enforcing regular password changes.”
tool also sends summary reports to system
In order to administer the password administrators by e-mail. Armed with this
management policies necessary to pass tool, IT management can proactively resolve
the impending compliance audit, the IT password expiration issues for end-users and
department needed a solution that would notify service accounts before they occur.
both internal and mobile users (who never saw
“NetWrix Password Expiration Notifier
the standard Windows notification at login) of
allowed us to modify the end-user e-mail
looming password expirations.
templates,” said Rudich. “This gave us the
Solution: Automated Password Expiration edge to not only inform our users through an
Notifications e-mail that their password was about to expire,
but we were also able instruct our users on
That’s when the IT staff found NetWrix the process of how to change their password
Password Expiration Notifier. correctly and what those parameters where.
“We looked into using some scripts that were The application also allowed us to run a daily
native to Windows’ OS, but they were not report on those users about to expire and track
very easy to use and they didn’t give us the their progress. The extremely easy-to-use
reporting we required,” said Rudich. “Luckily, interface was also a main selling point.”
we found a website that listed several vendors Rudich and his team also noted the benefits of
with password management products that working with NetWrix’s knowledgeable sales
did what we were looking for. We demoed and support team.
about three of them, but NetWrix Password
“The sales team was very patient with all of
Copyright © NetWrix Corporation. All rights reserved.
- 3. NetWrix Customer Case
NetWrix Customer Case Study
Study
our questions and responded in a timely “Before implementing NetWrix Password
matter with answers and a customized Expiration Notifier, there was no easy
quote,” added Rudich. “The technical way for us to notify our end-users of their
team has been top-notch for all our issues, approaching password expiration,” said
corresponding over e-mail and phone Rudich. “About 80% of our help desk
support.” calls were associated with password and
login issues. Since we’ve integrated this
Proven Result: Password Expiration application into our environment, those
Notifications Allows Enforcement of calls have dropped significantly. The
Strict Password Policies Necessary to program also allows us to easily run a
Pass their Compliance Audit report to determine those users who haven’t
With an audit looming over an IT changed their passwords and/or haven’t
department that was struggling to enforce logged into our network in some time. This
password management policies, the need solution works extremely well for my IT
for a solution that would enable them staff and end-user support.”
to put their policies to action without About NetWrix Corporation
hindering productivity from the many
mobile users not connected to the Active Established in 2006, NetWrix
Directory Domain was more clear than Corporation provides innovative and
ever. NetWrix Password Expiration cost-effective solutions that simplify and
Notifier provides administrators with automate the management of Windows
an automated solution that proactively networks. With in-depth knowledge
prevents password expirations among and experience managing Windows
internal and mobile employees, preventing environments of all sizes, the company
password expirations that might otherwise delivers solutions to meet complicated
halt productivity and frustrate users. As a business requirements while fulfilling
result, the healthcare services agency has the best expectations of IT professionals.
effectively implemented the password
management practices necessary to pass
all regulatory audits and also reduced help
desk costs.
Copyright © NetWrix Corporation. All rights reserved.