← All field reports
FR-04 Compliance Automation
Automated Quarterly Access Reviews for SOC 2
AWS LambdaPythonIAM Identity CenterActive DirectoryGitLabExcel/Evidence
8identity systems consolidated
days → minutesto produce the evidence pack
1repeatable, scheduled run
Architecture — illustrative, anonymized
01 The situation
- Quarterly user-access reviews — a SOC 2 staple — meant manually exporting users from eight different systems, normalizing them by hand, and assembling a spreadsheet under audit pressure.
- The manual process was slow, error-prone, and impossible to reproduce identically the next quarter, which is exactly what auditors want to see.
02 The approach
- Built a set of exporters — one per identity source (cloud SSO, directory, source control, remote access, ticketing, virtual desktops) — normalizing each to a common schema.
- Wrapped them in a single scheduled job that assembles a formatted, audit-ready evidence workbook in one run.
- Designed it to be re-runnable and self-documenting so each quarter’s review is identical and defensible.
03 The outcome
- A days-long manual scramble became a single command that produces the full cross-system evidence pack in minutes.
- Reviews are now repeatable and consistent quarter over quarter — the reproducibility auditors look for.
- Packaged as a reusable service offering: standing access-review automation that compounds in value every cycle.
Have something like this?
Let’s scope your version.
If this maps to what you’re facing, a 20-minute call is the fastest way to find out whether I can help — and a Cloud Quick-Win is the lowest-risk way to start.