Compliance Management

  • TYPE: Combined Session DATE: Tuesday, May 08, 2007 TIME: 16:30-17:30

A new Approach for Compliance Management

KPN’s 'fixed network' division had to prepare for a SOX compliance review as from January 2007. KPN launched various parallel initiatives, including both an identity management improvement programme and a SOX compliance programme. The identity programme aimed at making sure the authorisations in the various applications were appropriate. The SOX compliance programme had as mission to demonstrate that KPN had sufficient control over authorisations in the SOX-material applications. In total, 48 applications were considered SOX-material. These applications spanned a wide range of standard packages such as SAP as well as many in-house developed applications running on a wide variety of platforms.

A team from PwC first performed a pilot with regard to analysing the authorisations in KPN's billing applications. They had to select a tool that was not tied to any particular technology solution. This criteria puts tools such as ACE or Virsa's compliance calibrator out of the question, since they only handle SAP. KPN has a whole range of systems, and they preferred a single tool capable of addressing them all. For this reason, Eurekify’s Sage product was selected. The NIST’s RBAC model (role based access control) was used as a unification mechanism across the various applications. The Sage ‘business process rule’ feature was used to capture business controls such as segregation of duty.

As the pilot was considered successful, the team continued and implemented SOX-based ‘business process rules’ for all 48 SOX-material applications. This was done in approximately three months. The SOX ‘business process rules’ are now executed periodically to demonstrate ongoing compliance for KPN.

Log in to download the presentation:  


Hanco Gerritse ist Leiter Finanzen der internen IT-Abteilung von KPN, die frühere köinglich-niederländische Post & Telefon Gesellschaft . KPN bietet heute Privatkunden und Firmenkunden in den Niederlanden, Belgien und Deutschland Telekommunikations-Dienstleistungen aller Art...

Marc Sel is Director in the “Enterprise Advisory” Department within PricewaterhouseCoopers since 1998. Prior he moved through positions with Texas Instruments, Alcatel and Esso.  In January 1989 he joined Coopers & Lybrand as a consultant.  After gradually building up...


Session Links


1st European Identity Conference

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Joerg Resch
+49 (0)211 23707777
  • May 07 - 10, 2007 M√ľnchen