Burgess-Norton saves 75% on Segregation of Duties validation with Dynaflow Compliance
Customer Profile
Name of Customer | Burgess-Norton |
Headquarters | Geneva, Illinois |
Customer Industry | Piston pins, powder metal parts |
Web address | http://www.burgessnorton.com/ |
Business Requirements
Burgess-Norton is the world’s largest manufacturer of piston pins and a leading producer of powder metal parts. Burgess-Norton, headquartered in Geneva, Illinois, operates six facilities around the world to serve its global customers.
Burgess-Norton is a subsidiary of Amsted Industries and is therefore obliged to comply with the governance regulations of the holding company. These include proper Segregation of Duties (SoD) policies, as dictated by Sarbanes-Oxley (SOX) 404 regulations.
Burgess-Norton lacked clear visibility of employee access across different business applications. The manual procedure for obtaining this visibility and for tracking and tracing SoD conflicts was time-consuming and therefore costly. To meet internal SOX audit requirements, alternatives needed to be investigated.
Solution
Burgess-Norton reviewed how Griffin Pipe, another Amsted subsidiary, had resolved all of its SOX-related SoD requirements to its satisfaction. Burgess-Norton and Griffin Pipe received similar audit requirements, as both report to the same holding company (Amsted), but the enterprise applications they use are different, so an analysis was done to validate that Dynaflow Compliance could fulfil the requirements. Following a positive result of the analysis, Dynaflow Compliance was chosen and implemented.
An important criterion was the ability to detect and resolve SoD conflicts across the multiple business and ERP applications, such as MS Dynamics & MAX, currently in use by Burgess-Norton. The ability to automate the SoD conflict scans was another important requirement: it would remove the need to start scans manually and provide direct visibility of conflicts as soon as they originate. The ability of Dynaflow Compliance to execute preventive scans of access change requests (ACR) further convinced the Burgess-Norton team that Dynaflow Compliance would deliver not only a great efficiency improvement but also a security improvement through preventive warnings, even before the actual SoD conflict could arise.
Implementation
To streamline the implementation even more and to save costs, Burgess-Norton made use of the existing Dynaflow Compliance installation on the server of the sister company, Griffin Pipe. Since Dynaflow Compliance allows the use of multiple repositories, the application access data is clearly separated between the companies. “The flexible nature of Dynaflow Compliance allowed us to share the application and the defined policies, saving hardware, implementation, application management and consultancy costs. In addition, we have our clearly separated and dedicated environment. Truly the best of both worlds!”, adds Dina Nikolakopoulos, assistant controller of Burgess-Norton.
Benefits
- Reduced the SoD validation time and effort by 75%
- Preventing potential risks and saving conflict resolution time by preventive scans on access change requests
- Standardization and automation of the conflict resolution process by applying conflict resolution rules
- Significant savings made possible by sharing Dynaflow Compliance with Griffin Pipe
- Peace of mind, as the ERM holding regulations are an integral part of the centralized Dynaflow Compliance conflict rules