Implementation of Role Based Access Control (RBAC) in an IT department
The business unit “Information Technology” supports the international part of this organisation with branches all over the world. Early 2003, this business unit adopted an “outsource” model whereby all core IT processes were contracted out to a large international vendor. Within the business unit, the “Operational Excellence” programme was started to safeguard and enhance the quality of the outsourced processes. This was vested into approximately ten different programmes, each consisting of various projects. The “Control Processes” programme is dedicated to standardise global application access for internal users (permanent and temporary staff, contractors), based on the directives of compliance protocols such as Sarbanes Oxley.
The assignment to my company was to launch a project for the introduction of “Role Based Access Control” on all branch locations world wide, piloted in the London branch offices. As project manager, I was responsible for managing a project team, which consisted of both internal employees as well as third party specialists. Next to the responsibility for time lines, budget control and resource management, I was also involved in the technical design of the RBAC model and the authorisation and acceptance of this model by both internal parties and external auditors. After completion of the project initiation stage, the operational management of the production part of the project was transferred to an internal project leader.