Burgess-Norton saves 75% on Segregation of Duties validation with Dynaflow Compliance
| Name of Customer | Burgess-Norton |
| Customer Industry | Piston pins, powder metal parts |
Burgess-Norton is the world’s largest manufacturer of piston pins and a leading producer of powder metal parts. Burgess-Norton, headquartered in Geneva, Illinois, operates six facilities around the world to serve its global customers.
Burgess-Norton is a subsidiary of Amsted Industries and is therefore obliged to comply with the governance regulations of the holding company. These include proper Segregation of Duties (SoD) policies, as dictated by SOX 404 regulations.
Burgess-Norton lacked clear visibility into employee access across its different business applications. The manual procedure for obtaining this visibility and for tracking and tracing SoD conflicts was time-consuming and therefore costly. To meet internal SOX audit requirements, alternatives needed to be investigated.
Burgess-Norton reviewed how Griffin Pipe, another Amsted subsidiary, had met all of its SOX SoD requirements to its satisfaction. Burgess-Norton and Griffin Pipe received similar audit requirements, as they both report to the same holding company (Amsted), but the enterprise applications they use are different, so an analysis was done to validate that Dynaflow Compliance could fulfill the requirements. Following a positive result of the analysis, Dynaflow Compliance was chosen and implemented.
An important criterion was the ability to detect and resolve SoD conflicts across the multiple business applications (MS Dynamics & MAX) in use at Burgess-Norton. The ability to automate the conflict scans was also an important requirement: it removes the need to start scans manually and provides direct visibility of conflicts as soon as they originate. The ability of Dynaflow Compliance to execute preventive scans of proposed access changes further convinced the Burgess-Norton team that Dynaflow Compliance would deliver not only a great efficiency improvement but also a security improvement, through preventive warnings issued before the actual conflict could arise.
To streamline the implementation further and to save costs, Burgess-Norton made use of the existing Dynaflow Compliance installation on the server of its sister company, Griffin Pipe. Since Dynaflow Compliance allows the use of multiple repositories, the access data is clearly separated between the companies. “The flexible nature of Dynaflow Compliance allowed us to share the application and the defined policies, saving hardware, implementation, application management and consultancy costs. In addition, we have our clearly separated and dedicated environment. Truly the best of both worlds!” adds Dina Nikolakopoulos, assistant controller of Burgess-Norton.
- Reduced the SoD validation time and effort by 75%
- Prevention of potential risks and savings in conflict resolution time through preventive scans on proposed access changes
- Standardization and automation of the conflict resolution process by applying conflict resolution rules
- Significant savings made possible by sharing Dynaflow Compliance with Griffin Pipe
- Peace of mind, as the ERM holding regulations are an integral part of the centralized Dynaflow Compliance conflict rules