How ChargePoint Streamlined Their FedRAMP, SOX, SOC 2 & ISO 27001 Compliance Processes
“Lumos takes care of the overhead tasks Heads of IT and Security are focused on. The platform gave us visibility into our applications and improved our identity management and our security posture. It’s a tool everyone needs.”
The Challenge
My team and I are responsible for making sure our 1,500+ employees are getting access to the tools they need quickly, while also staying compliant with numerous compliance frameworks such as SOC 2, SOX, PCI, FedRAMP and ISO 27001.
Unfortunately, we were still conducting access requests and user access reviews manually through tickets and spreadsheets.
Too much time and resources were being spent on tedious work that was prone to human error, which often led to employees that were overprovisioned. I needed one tool that would handle all of our concerns.
The Priorities
1. Compliance
User access reviews were a manual ordeal. I needed to streamline the process to stay compliant with SOC 2, SOX, PCI, FedRAMP, and ISO 27001.
2. Time Savings
My team would spend hours every day managing access requests and reviews, and we wanted to get that time back through streamlining our processes.
3. Automation
I wanted to automate as much of the access review and access request process as possible while keeping compliant.
The Solution
“We had multiple pain points and areas of weakness between manual provisioning and access reviews. We wanted one tool to manage everything and help us maintain compliance. Lumos was that tool.”
Streamlined Access Reviews
My team leveraged Lumos’ integrations and user access review feature to pull in access data, manage access reviews, and notify reviewers in one place.
This allowed us to conduct more access reviews, reduce human error, and stay compliant with several compliance frameworks such as SOC 2, SOX, PCI, FedRAMP, and ISO 27001.
Automated Access Removals and Reporting
Access reviews gave us one spot to get visibility into overprovisioned applications. With just a click of a button, we could remove access and know that Lumos would automatically take care of deprovisioning.
On top of that, creating audit reports was simple. I no longer had to compile spreadsheets and documents together. With one button, reports were automatically generated for me and my team, saving hours of time.
Compliant Access Requests
My team was used to having 500-600 access request tickets per month for 70+ applications. Those request tickets are now routed through Lumos, giving employees access to applications within minutes while freeing up time and bandwidth for our IT team.
With the help of Lumos’ admin experience, we set up a secure process that delegated approvals to managers and gave employees access within minutes. Plus, with the audit logs, we always knew what was happening.
The Impact
“Lumos improved our efficiency, our accuracy, our compliance, and helped us save hours of time every week through automation. Lumos does everything we want from an access and compliance standpoint.”
Increased Compliance + Near-Zero Human Errors
By utilizing Lumos’ data integrations and access reviews, my organization has eliminated the need for spreadsheets and chasing reviewers via email and Slack. Instead, Lumos handles the entire process, end-to-end, allowing us to complete access reviews on a quarterly basis more quickly, efficiently, and with drastically fewer human errors. Happy IT team, happy auditors.
2x Access Reviews Completed
With the level of automation and streamlining done through the Lumos platform, we’ve been able to conduct more access reviews, and have been able to do them more efficiently as well. Instead of spending hours gathering data and wrangling reviewers, Lumos does all the heavy work for us, increasing our compliance posture.
20 Hours a Month Saved on Access Requests
Lumos has taken over 80% of access request tickets for ChargePoint, saving my IT team 20 hours a month on overseeing access request tickets. We know that compliant protocols are being followed when employees are requesting access, allowing my team to focus on larger and more complex initiatives.