Your browser is not supported

For the best experience, use Google Chrome or Mozilla Firefox.

Case study

The Office of the Public Service Commission (OPSC) deploys NetIQ Identity Governance for audit compliance, improving business participation


Regular user access reviews serve to verify and validate that user access to systems and applications is appropriate given their roles and responsibilities within the organization.

The OPSC conducted its access reviews in an entirely manual fashion, supported by spreadsheets which were reviewed and certified. Mpho Basitere, Head of IT for OPSC, explains: “The process was cumbersome and time-consuming and by the time the review was completed, the situation would have changed again, so it was never a true reflection. Access reviews were conducted twice every year, but audit findings showed this was not frequently enough.”

Some of the OPSC applications were hosted by external providers. For access review exercises they would need to request the information from the application owners and it would often take 2-4 weeks before all the information was collected. From start to finish the certification process would take 6-8 weeks to complete. Business participation was hard to secure as the process was so manual and this resulted in inadequate reviews and certifications.

The OPSC wanted a solution to help them automate access review and certification so that they could perform monthly reviews. Automatic scheduling was a must too, so that it does not become an onerous task for the identity governance administrator.


Micro Focus presented its NetIQ Identity Governance capabilities, and immediately OPSC could see the potential, according to Basitere: “It was clear that, using Identity Governance, we could satisfy auditors and business managers with intuitive user-friendly and automated access certification processes and reports. It was a real worry that our business participation was low as this could lead to unidentified orphan or dormant accounts which ultimately present a security risk to the organization.”

Identity Governance ensures initiatives stay on schedule with automatic system reminders to business reviewers and progress updates for administrators. This means that the identity governance administrator only has minimal involvement to review any escalated issues.

With a combination of internal and externally-hosted applications at OPSC, it was difficult to conduct enterprise-wide access certifications. Using Identity Governance, data from all applications is collected using a wide range of access protocols so that all relevant applications are included in the process.

Once the solution was operational, increased business participation soon followed. Basitere comments: “Access review reporting is made so much easier through Identity Governance. We can conduct far more granular reviews, including privileged user account reviews, as all the information is available within Identity Governance.”

Access revocations are still dealt with manually, but OPSC has included automation of this on its roadmap and Identity Governance fully supports this.


Reduction in orphaned and dormant accounts

1 month

Frequency of automated audits, down from 6 months


Access reviews are now conducted on a monthly basis, which satisfies auditors, and means that the certified information is a true reflection of what currently exists in production. This process requires no paper work and minimal manual intervention.

Basitere: “Using Identity Governance, we have reduced our security risk by at least 50 percent by eliminating any orphaned or dormant accounts, thus closing the security loop available. It has also brought us some cost savings as we will clearly not pay maintenance and renewal charges on those accounts.”

He concludes: “The ability to identify, review, and certify privileged accounts has been really helpful to us. Overall, we are very pleased to have found a solution which has complete buy-in from our business audiences. The monthly access reviews just happen and we always feel confident about the outcome of them. Micro Focus was a fantastic partner for us during this project and we can see how expanding our use of Identity Governance will bring us further efficiencies.”

How can Micro Focus help you succeed?

Office of the Public Service Commission (OPSC) case study

Related stories

release-rel-2021-11-2-7085 | Wed Nov 17 15:06:12 PST 2021
Wed Nov 17 15:06:12 PST 2021