Data Security Privacy and Compliance
This section emphasizes the importance of protecting sensitive data, complying with privacy regulations, and meeting industry standards in identity integrations.
Compliance & Regulatory Requirements
Quarterly Access Reviews
Conduct privileged access reviews every 90 days via PwC Identity (SailPoint), actioned by application owners or managers.
Refer to the Attestation workflow for more information.
Attestation
Complete quarterly workflows to confirm compliance:
Non-Human Identity (NHI) attestation.
- 30-character password policy
- 365 password rotation
- Primary and secondary owner information
- Registered to an active CI number
Refer to the NHI Compliance overview for NHI Compliance and annual attestation.
Non-Human Identities (NHI) Annual Attestation: Yearly attestation actioned by primary/secondary owners via the NPA dashboard.
Recommendations
- Regularly review and update privacy controls to stay compliant.
- Integrate compliance checks into provisioning and deprovisioning workflows.
- Enforce MFA and robust access controls across all user types.
- Conduct periodic access reviews and attestations to maintain compliance.
- Educate users and stakeholders on secure identity and data handling practices.