For nearly two decades, Department of Defense (DoD) personnel seeking access to information systems have grappled with a cumbersome account request process known as the “System Authorization and Access Request (SAAR),” more commonly referred to by its form designation: The DD2875. This process has resulted in significant productivity losses throughout the department, as employees await multiple digital-signature approvals, sometimes as many as four for a single request, before they can gain access to new information system accounts. Until now, there has been no comprehensive enterprise-level solution to address this issue.
Today, we’re proud to announce a new offering, built within ServiceNow, for DoD customers: a secure ServiceNow workflow that automates the SAAR process, through the digital transformation of the DD2875. This solution, built by Intact, is available for customers in the ServiceNow FedRAMP Impact Level (IL) 4 approved Government Community Coud (GCC).
Reducing Manual Data Entry and Time-to-Account Provisioning for Active Duty, Contractors, and Defense Civilians
The inefficiency of the DD2875 process is exacerbated by policies which mandate that users complete a separate DD2875 for each network or application they need to access. Given the diverse range of applications and systems required for official duties, employees frequently find themselves having to submit and await approval for multiple forms, delaying their ability to fully carry out their job responsibilities.
The DD2875 process is prone to delays for several reasons, including:
- Uncertainty About System Points of Contact
Employees are not always aware of the appropriate person for each approval stage for every information system they require, and so they waste time searching this out or sending the form to the wrong approvers. This is especially true for new employees, re-assignments or employees who are working on a particular information system for the first time.
- Limited Visibility into the Process
Leveraging email as the primary workflow tool, users often have limited to no visibility into the approval process, so they are unsure at which stage the request is stuck and how it can get moving again.
- Approver Actions are Not Always Communicated Clearly
Rejections along the approval chain are not always communicated to employees, or those communications may get overlooked in crowded inboxes. This can lead to “ghost” SAARs that may sit for months while an employee wonders why the request is taking so long.
- Requests Lost in Email Inboxes
Approvers are also drowning in email, and without a tool to automatically notify them of a pending request, many find it difficult to manage this intense workload via their inboxes.
- Dependencies on Multiple External Systems
Approvers often must log into other non-integrated information systems to verify employee data prior to approving their DD2875. If those systems are inaccessible for any reason (downtime, lost password, etc.) it can significantly delay the process.
After receiving feedback from users across the department and carefully analyzing the existing process, Intact has developed a scalable, robust solution that replaces legacy form-based processes with a new secure digital workflow, which automates approval validations and notifications to enable efficiencies previously not possible.
Intact’s solution is designed to be fully compliant with existing information system audit and record retention policies. It also enables administrators and system owners to configure “system-tailored” approval workflows for user account requests depending on the requirements of the information system owner, the scale of the user base and customer preferences.
Defense personnel experience the following benefits using Intact’s new digital SAAR workflow:
- Less required manual data entry: Leveraging secure integrations with systems-of-record, the workflow can be configured to pre-populate any combination of required fields.
- Automatic routing to the appropriate persons: Personnel are not required to research who to send their requests to, as this information is configured behind-the-scenes in business logic, system by system, making it impossible for the user to make an error.
- Audit Capabilities and Compliance: Every step of the process is recorded and stored for auditing and compliance requirements. Users can generate a traditional DD2875 PDF, with signatures and populated with all stored data, upon request if required.
- Authentication Reciprocity: Depending on agency policy, personnel now have the option to upload an approved DD2875 and leverage that approval across multiple systems, allowing administrators to rapidly sign off on requests in a secure and auditable manner.
- Track Request Lifecycle: Personnel can clearly track the stage of their request as it flows from approver to approver (or back to them for further information).
Intact is continually maturing this solution for future releases. New features in development include developing the capability to automate SAAR approvals via business rules by integrating legacy systems-of-record. For example, instead of an approver logging into a training database to ensure a user has up-to-date certifications, they can establish the business rule that all users requesting access to System Y must have Training X, Y, Z within timeframe A-B, and automate this approval. This will lead to the ability to automate the provisioning of an account given the approval process flow.
By leveraging the power of ServiceNow, Intact is excited to help solve this longstanding pain point of the DoD by reducing the time-to-work for new employees and improving the audit capabilities and policy enforcement of account provisioning, while dramatically improving the employee experience and decreasing the time-to-work for defense employees.
The solution is available on the IL-4 Government Community Cloud as an add-on to existing users of ServiceNow. It is available as a fixed-price offering with an optional annual maintenance subscription.
Learn more at https://info.intact-tech.com/dd2875_workflow_automation.