Sallie Mae and Société Générale Select SailPoint for Identity Governance and Compliance

SailPoint today announced that Sallie Mae and Société Générale have chosen SailPoint IdentityIQ to automate and streamline their identity related compliance processes. SailPoint IdentityIQ, an identity governance solution, helps corporations of all sizes keep track of who has access to critical applications, data and IT systems while greatly reducing audit and compliance costs. A comprehensive view of user identity data enables customers like Sallie Mae and Société Générale to more easily comply with regulations that require regular audits and certification of access privileges, including SOX, FISMA, Basel II, PCI and the European Union’s Data Protection Directive.

“As a publicly-traded company and financial services provider, we are subject to a variety of regulations including FISMA, SOX, PCI, and SAS 70,” said Jerry Archer, chief security officer for Sallie Mae. “To meet these requirements, we are standardising and automating our compliance processes for identity management, so that we can centrally control who gets access to sensitive resources and maintain compliance as the organisation changes over time. This centralised and automated approach allows us to proactively address risk and more efficiently maintain a compliant, secure environment.”

Identity governance provides companies with an enterprise-wide view of who has access to sensitive or proprietary information and applications. This allows them to analyse risk, make better decisions, and implement the appropriate controls for achieving and maintaining compliance. It also reduces the cost of compliance by creating a consistent, reliable and auditable process to manage access certification and policy enforcement.

“The compliance burden that global companies face will continue to grow in 2010 through additional industry regulations and stronger enforcement of existing mandates,” said Kevin Cunningham, president and founder of SailPoint. “SailPoint IdentityIQ provides companies with the necessary visibility to better understand the risks associated with user access privileges on sensitive information systems, allowing them to strengthen controls and automate compliance processes across the enterprise.”