How ChargePoint Streamlined Their FedRAMP, SOX, SOC 2 & ISO 27001 Compliance Processes

My team and I are responsible for making sure our 1,500+ employees are getting access to the tools they need quickly, while also staying compliant with numerous compliance frameworks such as SOC 2, SOX, PCI, FedRAMP and ISO 27001.

Unfortunately, we were still conducting access requests and user access reviews manually through tickets and spreadsheets.

Too much time and resources were being spent on tedious work that was prone to human error, which often led to employees that were overprovisioned. I needed one tool that would handle all of our concerns.

Priorities

1. Compliance: User access reviews was a manual ordeal. I needed to streamline the process to stay compliant with SOC 2, SOX, PCI, FEDRAMP, and ISO 27001.
2. Time Savings: My team would spend hours every day managing access requests and reviews, and we wanted to get that time back through streamlining our processes.
3. Automation: I wanted to automate as much of the access review and access request process as possible while keeping compliant.

1. Streamlined Access Reviews

My team leveraged Lumos’ integrations and user access review feature to pull in access data, manage access reviews, and notify reviewers in one place. This allowed us to conduct more access reviews, reduce human error, and stay compliant with several compliance frameworks such as SOC 2, SOX, PCI, FEDRAMP, and ISO 27001.

2. Automated Access Removals and Reporting

Access reviews gave us one spot to get visibility into overprovisioned applications. With just a click of a button, we could remove access and know that Lumos would automatically take care of deprovisioning.

On top of that, creating audit reports was simple. I no longer had to compile spreadsheets and documents together. With one button, reports were automatically generated for me and my team, saving hours of time.

3. Compliant Access Requests

My team was used to having 500-600 access request tickets per month for 70+ applications. Those request tickets are now routed through Lumos, giving employees access to applications within minutes while freeing up time and bandwidth for our IT team.

With the help of Lumos’ admin experience, we set up a secure process that delegated approvals to managers and gave employees access within minutes. Plus, with the audit logs, we always knew what was happening.

‍

Increased Compliance + Near-Zero Human Errors

By utilizing Lumos’ data integrations and access reviews, my organization has eliminated the need for spreadsheets and chasing reviewers via email and Slack. Instead, Lumos handles the entire process, end-to-end, allowing us to complete access reviews on a quarterly basis more quickly, efficiently, and with drastically less human errors. Happy IT team, happy auditors.

2x Access Reviews Completed

With the level of automation and streamlining done through the Lumos platform, we’ve been able to conduct more access reviews, and have been able to do them more efficiently as well. Instead of spending hours gathering data and wrangling reviewers, Lumos does all the heavy work for us, increasing our compliance posture.

20 Hours a Month Saved on Access Requests

Lumos has taken over 80% of access request tickets for ChargePoint, saving my IT team 20 hours a month on overseeing access request tickets. We know that compliant protocols are being followed when employees are requesting access, allowing my team to focus on larger and more complex initiatives.