Information technology is the great ally in the adjustments that private and public companies will have to make to adapt to the General Data Protection Law (LGPD). The rules were expected to come into effect in August 2020 and will now be valid in May 2021. Thanks to the innovative solutions available in the Information Security market and consulting services for processes and implementation, organizations will be able to process data and comply with the rules and measures regarding unauthorized or illegal access.
It is important to emphasize that in paragraph 1 of chapter VII, item VII of SECURITY AND GOOD PRACTICES, the National Data Protection Authority (ANPD) – which is still in the process of being established – may establish minimum technical standards to make the exposed measures applicable, considering the nature of the information processed, the specific characteristics of the processing, and the current state of technology, especially in the case of sensitive personal data, and it is clear from this item the mandate to follow the established technical standards that ensure the maximum protection of the information.
Given the scenario regarding the changes that the LGPD application will bring about, Raise IT, a specialist in "Identity Management," has prepared a visual and easy-to-understand material that explains how information security management tools are applied in practice and indicates some cutting-edge solutions to bring your company within the required compliance standards.
Let's move on to some tips for solutions to protect your data in an agile and secure way:
IGA (Identity Governance and Administration – Administração da Governança da Identidade)
A Governança de Identidades baseia-se inicialmente no conceito da gestão do ciclo de vida de uma identidade, onde uma identidade define-se como qualquer credencial que concede acesso a um ou mais sistema ou serviço em um ambiente corporativo.
When we focus our attention on the staff of employees, service providers, and other possible actors within an organization, we identify a great challenge in managing these credentials and the access granted to them for systems, considering that everyone must have the "essential" access for the execution of their activities, without excess or insufficient access.
The process of granting this access is called “provisioning” of access and is part of identity lifecycle management.
Complementary to lifecycle management, Identity Governance must ensure that access management policies such as granting, suspension, revocation, certifications, and access segregation are correctly executed and, more importantly, are auditable.
Therefore, determining who has access to what, who requested it, who approved it, and who should be periodically controlled is part of Identity Governance Administration.
Source:https://www2.camara.leg.br/legin/fed/lei/2018/lei-13709-14-agosto-2018-787077-publicacaooriginal-156212-pl.htm – CAPÍTULO VII DA SEGURANÇA E DAS BOAS PRÁTICAS
