

What is Attestation? (Part 1 of 3)

Attestation describes any certification review process in which an individual swears to, witnesses, or confirms something important. The term is almost universally used to describe a review/certification process that requires resource owners to verify their authorized users on an ongoing basis. This on-going process

Attestation usually provides an organization with a measure of protection from liability and from the risks associated with a resource owner's failure to control access to his or her resource so as to comply with legal or regulatory requirements. (See http://en.wiktionary.org/wiki/attestation)

Three Typical Statements Required for Attestation:

There are three basic tenets that most compliance auditors deem necessary; in fact, the following three statements are taken from a SOX compliance statement.

1. I am the individual who makes the authorization decision for the specific resource(s).

2. These individuals and/or groups are authorized to use the intended resource(s).

3. I understand which resource(s) I have authorized these individuals to access.

Read Part 2 of 3 here http://www.bobbobel.com/what-makes-attestation-difficult-2-of-3/


Posted in Active Directory, Entitlement.




Continuing the Discussion

  1. Provisioning and Attestation for SharePoint thru ActiveRoles - Quest SharePoint Team - SharePointforAll linked to this post on September 3, 2009

    [...] SharePoint Attestation: For customers who own ActiveRoles Server and ActiveRoles Self-Service manager, this new addition will allow you to extend access certification reviews (a.k.a. Attestation) to your SharePoint Site owners through the easy-to-use self-service interface. The goal of attestation is to have the owner of the site’s data periodically review the individuals that have been granted access. The owner of the data is the logical choice for this type of review because he/she is typically the person who understands the business reasons why a particular user was granted access to the data. Periodic certification reviews also provide a great way to determine which groups in AD are being properly managed – meaning if a group owner fails to perform the review, their group is added to a list of suspect groups. If you want to understand more about Attestation, see my recent posts http://www.bobbobel.com/what-is-attestation/. [...]


