Case Study / Norwegian Cruise Line Holdings
Norwegian Cruise Line Holdings
NCLH improves SoD processes with Fastpath Access Certifications
The Challenge
Norwegian Cruise Line Holdings Ltd. (“NCLH”) is a leading global cruise company that operates three award-winning brands: Norwegian Cruise Line, Oceania Cruises, and Regent Seven Seas Cruises. With a combined fleet of 32 ships, these brands offer itineraries to approximately 700 destinations worldwide. With over 41,000 team members across the globe, the need for automated User Access Reviews was critical.
The NCLH IT compliance team was held responsible for SOX User Access Reviews, which included 450 unique reviewers, 14,000 users to be reviewed, and about 300,000 lines of access to be reviewed across their SOX systems. This included the need to integrate with PeopleSoft, Salesforce and 12 other custom systems. NCLH is subject to SOX and PCI DSS compliance as well as GDPR. Performing these reviews using emails and spreadsheets was a highly manual and time-consuming process that was prone to errors. This is when the CIO and Director of IT Compliance decided it was time to begin looking for a solution.
"Fastpath saved us enough time for our team to take on an additional 7 system UARs – translated to a savings of approximately 300 hours a year"
Director of IT Compliance, Norwegian Cruise Line Holdings
The solution
NCLH obtained Fastpath’s Access Control and Access Certification module to better manage Segregation of Duties (SoD) and Access Reviews.
After NCL assessed other SaaS solutions and custom developed solutions, they found Fastpath was the most cost-effective and met their solution criteria that includes quick to setup, customizable, UI experience and overall functionality.
Following the implementation of Fastpath Access Certifications, NCL has been able to quickly view the status of reviews in a singular report and dashboard, automatically send reminder emails, delegate reviews, prevent self-review and quickly display access rights. Their team members have been able to take on additional responsibilities and have better visibility into status tracking and less time on manual follow ups.
“Overall, it’s a valuable solution for teams handling user access reviews and segregation of duties. The responsive support team ensures timely issue resolution, and our business users have had a positive experience” – Director, IT Compliance
Related case studies
Hearst
Media Giant Hearst Enhances Security and Operationalizes Access Monitoring in Oracle ERP Cloud
Wilson Trailer
A family-owned manufacturer needed help to review their risk management.
Watson-Marlow
A world leader in pumps and fluid transport meets strict internal and external audit requirements by automating Separation of Duties