Thursday, March 10, 2022
Implementation of IDM in oncomed
IDM – what is it?
IDM or Identity Management is a key IT system that deals with central control and management of identities and role assignment – i.e. access to individual IT systems and relevant roles. This system ensures that individual employees (or external collaborators) of a company have relevant access to the systems and applications they need to perform their job duties. IDM helps to correctly identify, authenticate, and authorize people, groups of people, or software applications through attributes – including user access rights (roles) and restrictions based on their identity.
Why is IDM so important?
According to a study conducted by (ISC)², 80% of security breaches are caused by identity access issues, usually weak or poorly managed credentials or non-compliance with IDM-related procedures and processes.
Individual employee access management enables organizations to eliminate identity theft, data breaches, and illegal access to confidential company information. The entire system also significantly reduces the workload of IT departments, as all access rights within the company are assigned automatically, with no further intervention needed.
The tool eliminates errors that could be caused by manually entering the access rights or that could occur due to insufficient or missing communication between individual departments, typically HR and IT. Last but not least, IDM significantly facilitates compliance with legislation and contractual obligations regarding the security and protection of customer data.
IDM in oncomed
The implementation of IDM in oncomed started in the autumn of 2019. We launched the system in full at the end of January 2020. In recent years, the Company has grown very quickly, and it became necessary to rethink how the individual integrated IT systems, their application roles and the method of integration were handled. The introduction of the IDM system significantly supported the intention to have a single central identity for (almost) all applications, to manage these identities and, according to user profiles, to manage access to applications, resources and groups.
A key part of the IDM solution is its integration with the personnel system, VEMA HR. This is the primary source (i.e. the management system) of personnel information and of employees' contractual relationships with the employer. IDM interprets this data and uses it to automatically handle starts and terminations, i.e. any changes in employees' job functions. This feature greatly facilitates the automation of routine identity management processes.
IDM is an essential element of internal integration. First, the office domain was transformed and then integrated as a central user database: all individual AD groups were loaded into the IDM, their structure was changed, and the individual roles were transparently inserted into the system. The domain for laboratories was next. In the summer of 2022 we plan to migrate the production domain. Because oncomed is a pharmaceutical company, validating the IDM system in accordance with GAMP requirements was an essential part of the implementation.
What were the challenges we faced?
The most complicated step was the complete restructuring of accesses and roles in oncomed. First, it was necessary to compile the individual profiles into new logical units to support automated processing and to allow other applications and access rights to be connected. The original system was more or less manual, so it was necessary to add the so-called process dimensions. This was possible only with the IDM.
However, it is an ongoing process, and other IT systems are being added gradually. Our ambition is to move the administration of users and roles that can currently only be handled manually to a fully automated process. Thanks to this, the Company is one step ahead in terms of automation and overall innovation.