Generic Users
Ipiranga Case

The Challenge


Ipiranga faced weak governance over generic accounts, resulting from an outdated inventory and a decentralized process for granting non-nominal access.

The absence of standardization and control hampered traceability, increased exposure to security risks, and compromised compliance with the controls required by the Sarbanes-Oxley Act (SOX).

Objective of the Project

The project focused on updating the inventory of non-nominal users (generic and service accounts), with the following objectives:

• Diagnose risks associated with these accounts through analysis of SoD (Segregation of Duties) and critical permissions;
• Strengthen traceability and access security in sensitive environments;
• Reduce risks of misuse or unnecessary access;
• Support compliance with SOX requirements through structured governance;
• Complement the identity management workstream previously conducted by Vennx.

Approach and deliveries

• Update of the complete inventory of non-nominal users, focusing on systems classified as critical or within the SOX scope;
• Identification of previously uncatalogued accesses;
• Inclusion of “Log On To” information in service accounts in Active Directory (AD), ensuring that generic users are limited to specific authorized servers;
• Mapping and validation of profiles with technical managers;
• Revocation of obsolete or improper access, based on risk analysis.
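
The “Log On To” review described above can be scripted; the following PowerShell is an added example, not code from the Ipiranga project or from Vennx. The function name, account names, host names and inventory map are constructed, and the commented `Get-ADUser` / `Set-ADUser` lines assume the ActiveDirectory module.

```powershell
# Added example: flag non-nominal accounts whose "Log On To" list is missing or too broad.
# All account names, host names and the inventory map below are constructed.
function Test-LogonRestriction {
    param(
        # Objects exposing SamAccountName and LogonWorkstations (as Get-ADUser returns them)
        [Parameter(Mandatory)] [object[]]  $Account,
        # Inventory: SamAccountName -> servers the technical manager has approved
        [Parameter(Mandatory)] [hashtable] $ApprovedHosts
    )
    foreach ($a in $Account) {
        $name = $a.SamAccountName
        # LogonWorkstations is one comma-separated string; empty means "all computers"
        $actual = @(([string]$a.LogonWorkstations -split ',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $approved = @($ApprovedHosts[$name] | Where-Object { $_ })
        $extra = @($actual | Where-Object { $_ -notin $approved })

        if (-not $ApprovedHosts.ContainsKey($name)) { $finding = 'Uncatalogued' }
        elseif ($actual.Count -eq 0)                { $finding = 'Unrestricted' }
        elseif ($extra.Count -gt 0)                 { $finding = 'UnapprovedHost' }
        else                                        { $finding = 'OK' }

        [pscustomobject]@{
            Account = $name; Finding = $finding
            LogOnTo = $actual -join ','; NotApproved = $extra -join ','
        }
    }
}

# Constructed sample standing in for a directory export
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc_batch';  LogonWorkstations = 'APP01,APP02' }
    [pscustomobject]@{ SamAccountName = 'svc_report'; LogonWorkstations = $null }
    [pscustomobject]@{ SamAccountName = 'gen_kiosk';  LogonWorkstations = 'KIOSK01, FS01' }
    [pscustomobject]@{ SamAccountName = 'svc_old';    LogonWorkstations = 'DB01' }
)
$inventory = @{
    svc_batch = @('APP01', 'APP02'); svc_report = @('RPT01'); gen_kiosk = @('KIOSK01')
}
Test-LogonRestriction -Account $sample -ApprovedHosts $inventory | Format-Table -AutoSize

# Live input instead of $sample (placeholder OU, fill in your own):
#   Get-ADUser -SearchBase '<OU of non-nominal accounts>' -Filter * -Properties LogonWorkstations
# Remediation once the owner confirms the server list:
#   Set-ADUser -Identity svc_report -LogonWorkstations 'RPT01'
```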

Achieved results

• Updated inventory of non-nominal users, with missing data regularized and information standardized;
• Reduction of risks related to shared accounts or accounts without clear identification of use;
• Greater control over critical permissions in legacy systems;
• Strengthening access governance, in alignment with the pillars of information security and regulatory compliance.

The initiative consolidated an essential layer of Ipiranga's access governance, providing visibility, control, and security over generic accounts in critical environments. This preventive action reinforces the commitment to good IT practices, protection of sensitive assets, and compliance with external audits.

At Vennx, we combine hands-on experience, artificial intelligence, and tailored technology solutions to transform the complexity of Governance, Risk and Compliance. We work side by side with companies that are not just looking for technology; they are looking for answers that make an impact on their operations.

01 Automatic detection of access inconsistencies.

02 Seamless integration with corporate systems.

03 Focus on regulatory compliance with SOX.

04 View every action and get full transparency for audits with no surprises.
