iamones

NIS2, Third Party Risk, IAM: Connecting dots and DOCS

Andrea Rossi, CEO - IAMONES
Dec 05, 2024By Andrea Rossi, CEO - IAMONES

NIS2, Third Party Risk, IAM: Connecting dots and DOCS

Third-party risk management is vital for compliance with NIS2. NIS2, as well many other regulations such as DORA, expands its scope to include more organizations and enforces stricter requirements for managing supply chain risks.
Third-party identities, especially those of IT consultants, differ from traditional employee identities. While employees follow predictable patterns tied to job roles and HR systems, IT consultants are dynamic, wearing multiple hats, accessing diverse systems, and posing varied risks.

Core Questions for Third-Party IAM

1. Role Clarity:

  • Who are the IT consultants?
  • What are their tasks and deliverables across projects?
  • Which data and IT resources do they access?

2. Risk Assessment:

  • How are consultants scored or assessed for risk?
  • Have any of them been involved in security incidents, such as credential leaks?

3. Data Source Integration:

  • Where and how is critical information (like project roles, permissions, and risks) captured?
  • Can this data be easily extracted and used for compliance and decision-making?

The IAMONES Solution

IAMONES brings an innovative approach by leveraging a fine-tuned Large Language Model (LLM) integrated with Retrieval-Augmented Generation (RAG) to address these challenges. Here's how:

Unlocking Natural Language Insights

Documents such as Statements of Work (SoW), Data Processing Agreements (DPA), and Project Documents often hold the key to answering identity-related questions. With IAMONES:

  • Document Analysis: The system extracts actionable insights from
    unstructured text.
  • Conversational Queries: Natural language queries like "Who is working on X?"; or "What permissions does Y have?"; are resolved with precision.

Enhanced TPRM Through Identity Intelligence

  • Comprehensive Consultant Tracking: Understand each consultant's roles, data access, and permissions.
  • Real-Time Risk Scoring: Leverage document-derived insights to assess risk dynamically.

Key Benefits

1. Efficiency: Eliminate manual processes by automating document analysis and identity verification.
2. Risk Reduction: Proactively address supply chain risks by identifying
vulnerabilities in third-party access and credentials.
3. Regulatory Compliance: Ensure adherence to emerging standards with real-time insights and robust documentation.