Skip to main content

Data Security Privacy and Compliance

This section emphasizes the importance of protecting sensitive data, complying with privacy regulations, and meeting industry standards in identity integrations.

Compliance & Regulatory Requirements

Quarterly Access Reviews

Conduct privileged access reviews every 90 days via PwC Identity (SailPoint), actioned by application owners or managers.

Refer to the Attestation workflow for more information.

Attestation

Complete quarterly workflows to confirm compliance:

Non-Human Identity (NHI) attestation.

  • 30-character password policy
  • 365 password rotation
  • Primary and secondary owner information
  • Registered to an active CI number

Refer to the NHI Compliance overview for NHI Compliance and annual attestation.

Non-Human Identities (NHI) Annual Attestation: Yearly attestation actioned by primary/secondary owners via the NPA dashboard.

Recommendations

  • Regularly review and update privacy controls to stay compliant.
  • Integrate compliance checks into provisioning and deprovisioning workflows.
  • Enforce MFA and robust access controls across all user types.
  • Conduct periodic access reviews and attestations to maintain compliance.
  • Educate users and stakeholders on secure identity and data handling practices.