Justifying the business need for an automated management provisioning and process solution
A hospital system asked CPSG to assist them in justifying the business need for an automated provisioning solution. CPSG
delivered on this request in three distinct steps:
STEP 1:
CPSG facilitated a series of investigative discussions with this hospital’s security and provisioning staff to understand
their current user management provisioning process.
Discovery – CPSG learned this hospital had a very manual process for managing their user community – e.g. provisioning and
password resets. This process sometimes delayed care providers (doctors) from gaining access to critical systems and services.
This resulted in the doctors admitting patients into other healthcare facilities which, in turn, caused lost revenue
opportunities for the hospital. Moreover, the hospital experienced a significant number of helpdesk calls when the staff
could not access information or applications.
STEP 2:
CPSG facilitated a dialogue with the hospital’s Director of Security to understand the hospital’s staffing needs, specifically,
the staff managing the provisioning and de-provisioning process. Additionally, CPSG also worked with the hospital to understand
the loaded labor costs of staff focused on managing the manual user administration process.
Discovery – Because of HIPAA requirements, the hospital had an effective but cumbersome process for managing users and maintaining
an auditable log of “who has access to what.” However, they lacked a central repository where internal audit could review access
to information by user.
Discovery – CPSG discovered that the hospital could significantly improve service levels while realizing a return on investment
by implementing an automated provisioning and user management platform.
STEP 3:
CPSG facilitated a session with hospital management to develop a metrics-based ROI model to support the implementation of an
automated Identity Management (IdM) solution (provisioning, self-service password reset). During this session CPSG gathered
information regarding:
- FTE’s focused on manually provisioning users into the various systems
- Number of help desk calls for password resets
- Number of new employees/contractors added per year and associated turnover rates
- Number of days to actually provision a new user into the appropriate environments
- Number of applications that are legacy vs. applications that authenticate via AD or LDAP
- Loaded labor cost of staff focused on provisioning and password reset activities
- Maintenance costs associated with current automated provisioning components and identity tracking reports
- Process for managing exceptions to the standard access process
Discovery – Based on our preliminary analysis, the hospital system is spending over $700,000 annually for provisioning and password
reset activities. Based on our findings, by implementing an automated provisioning and password reset system, the hospital can
re-allocate approximately $500,000 of resource costs to other areas of their IT organization annually.
|
|
|
