Modelling a decision support system for identification and access management of employees in an enterprise
The organization counts around 3000 employees and their operations are done in the whole of the country area. The entire organization is divided into different organizational units specializing in the execution of certain types of work, such as work organization, procurement of necessary resources for work, post-control, billing, risk analysis, IT support, legal service, human resources management, etc. The organization’s total revenue is 2.7 billion €/year. Around 2100 employees (70% of all employees) is directly a part of business procedures that have a financial consequence for the organization.
Generally, 235 organizational units can be grouped into two categories according to the types of jobs that are performed daily in the organizational unit. Organizational units generally can be classified as administrative and operational. Employees are periodically transferred to other organizational units to perform business tasks on time.
The organization's business and security policies have been set up so that employees should periodically change their workplace, at least two times a year, according to their work positions. In this way, employees find it harder to have a personal connection with the parties involved in business processes from which a certain amount of money is collected. Such a policy has valid reasoning because it ensures a higher level of business security, the expected income is higher, and income is realized in a transparent manner according to rules that are the same for all stakeholders, but that kind of constellation also reflects negatively on employees who have to update access rights to the proper level in shorter time intervals, as well as administrators on their user accounts. The result of enforcing business and security policies is a large number of requests for updating user accounts settings and setting adequate information system access rights.
The consequence of such user migrations is the daily processing of dozens of requests for updating user accounts. Employees of the organization’s Human resource unit make decisions when and where a certain employee of the organization moves, based on business and security policies and management decisions. Decisions are made on the basis of employee experiences, professional qualifications and completed educational programs etc. All data on education, knowledge, skills and experience are recorded in an organization’s database managed by employees of the Human resource unit (HRU). As soon as the decision-makers in the HRU decide in which organizational unit an employee will work next, they enter all the data into the database and inform IT administrators who need to update all the business applications that the employee will use in the future. The organization needs to deal with it more simply and efficiently in order to appropriately track the business dynamics.