Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Workforce Mover Process

Description

The Workforce Mover Process is the process that receives announcements by designated authorities of workers’ function changes and adapts their identities and access permissions. Its fundamental goals are to sustain the organization’s productivity while assuring security.

Key Requirements

  • Sustain the organization’s productivity by assuring a smooth transition of the worker from the original function to the announced function

  • Facilitate knowledge transfer activities during the transition period, which may require the controlled retention of some access permissions linked to the original function during the transition.

  • Mitigate operational risks caused by inadequate segregation of duties during the transition period.

  • Mitigate security risks caused by privilege creep.

  • Assure clear accountability throughout the overall process.

Triggering Events

  • The announcement of the worker’s functional move by the organization’s designated authority.

Inputs

  • The identity of the mover

  • The worker’s new function

  • The planned date for the move

  • Conditional: special needs of access retention during a prolonged period to assure a smooth transition and knowledge transfer

Timeline

  1. Mover Decision

  2. Mover Announcement

  3. Preparation Period

  4. Effective Move Date

  5. Transition Period

  6. Process Completion

Key Activities

  • Role Engineering: If the worker’s new function is a new function within the organization, or if the new function is modified, role engineering may be required to set up adequate business roles.

  • SoD Policy Enforcement: If the organization has SoD requirements making the worker’s previous and new functions partially or completely incompatible, assure that these requirements are complied with during the process or implement mitigating controls.

  • Facilitate knowledge transfer and a smooth transition: When necessary and within the limits of SoD and security requirements, identify the identities and access permissions linked to the worker’s previous function that will be needed after the move date and during the transition period to assure a smooth transition and adequate knowledge transfer, and post-pone their revocation to the end of the transition period.

  • Identification and revocation of obsolete identities and access permissions: Assure that the identities and access permissions that are no longer required by the worker’s new function are revoked. Business roles are a fundamental facilitator for this activity.

  • Identification and provisioning of new identities and access permissions: Assure that the identities and access permissions required by the worker’s new function are provisioned. Business roles are a fundamental facilitator for this activity.

  • Access Recertification: Depending on the organization’s access recertification policy, trigger the required access recertifications.

Main Output

  • Completed Mover

Alternative Outputs

After the mover announcement which marks the original intention of changing the worker’s function, circumstances may change before process completion, leading to the following alternative outputs:

  • Canceled Mover: When the announced change of function is canceled and the worker finally stays at his original function.

  • Mover to Leaver: When the announced change of function is canceled because the worker leaves the organization.

  • Mover to Mover: When the newly announced function is modified for yet another function.

Alternative outputs are less usual. If they are not planned and managed properly, they may typically cause productivity or security issues.

Key Indicators

  •  Document the Workforce Movers indicator

Version

1.0

Status
colourYellow
titleDraft

Process Map

IAM Process Map

Parent Process

Sub-Processes

  • Worker Planned Mover

  • Worker Immediate Mover

Related Processes

  • Access Recertification

  • Role Engineering


Quotes

Info

Quotes are only available to subscribed users.

Filter by label (Content by label)
showLabelsfalse
max50
sorttitle
cqllabel in ( "mover" , "workforce-mover" , "mover-process" , "workforce-mover-process" ) and label = "quote-item"

Bibliography

Filter by label (Content by label)
showLabelsfalse
max50
sorttitle
cqllabel in ( "mover" , "workforce-mover" , "mover-process" , "workforce-mover-process" ) and label = "bibliographic-entry"

See Also

Filter by label (Content by label)
showLabelsfalse
max50
sorttitle
cqllabel in ( "mover" , "workforce-mover" , "mover-process" , "workforce-mover-process" ) and label not in ( "quote-item" , "bibliographic-entry" )