Case Study

Closing the Gaps: Identity Governance that Protects a Global Brand

From 40% stale access and 20+ audit findings to sustainable compliance with GDPR, SOX, and PCI DSS.

TL;DR
  • Industry Sector
  • Retail
  • Duration
  • 12 months
  • Client Results
    • Onboarding cut from 5 days to 4 hours
    • 90% of stale accounts eliminated
    • Access review completion improved from 30% to 62%, reaching 84% 18 months later
    • Audit findings resolved from 20+ to 3
    • Annual operating savings exceeding $1 million
  • What We Did
    • Recovered and realigned a stalled IAM programme
    • Replaced a legacy toolset with a modern IGA platform
    • Automated joiner, mover, and leaver processes across HR, POS, ERP, Finance, and E-commerce
    • Introduced role based access controls and access certification campaigns
    • Designed a lean operating model with KPIs, training, and runbook

How it started

The retailer operates in 140 countries with 422 stores, 10,000 permanent staff, and up to 70,000 contingent workers during peak seasons. Its stalled identity governance programme could not cope with the rapid workforce shifts required by luxury retail.

Manual joiner, mover, and leaver processes and a legacy toolset caused onboarding delays of 4–5 days, even longer during seasonal peaks. More than 40% of accounts remained active after staff departures, and shared credentials were common in stores. Compliance audits repeatedly raised access governance as a weakness, citing GDPR, SOX, and PCI DSS exposures.

Onaware was engaged to recover the programme, replace the failing toolset, and deliver a solution that aligned security with business pace.

The Results

The realigned programme delivered clear, measurable improvements across the retailer’s identity governance landscape:

  • Faster onboarding
    Seasonal workforce ramp ups that once created delays of 4–5 days were reduced to just 4 hours. Automated provisioning, standardised roles, and streamlined approvals meant new hires could contribute on Day 1, with 78% of workers receiving the right access before they arrived. For store managers, this meant less downtime and faster training cycles during critical trading periods.
  • Stale access eliminated
    Before Onaware’s intervention, more than 40% of accounts remained active after employees or contractors had left, creating significant risk. Automated leaver processes closed this gap, disabling accounts immediately and removing unnecessary entitlements across HR, POS, ERP, Finance, and E commerce systems. Within months, 90% of stale accounts were eliminated, giving security teams confidence that access matched reality.
  • Improved certification
    Quarterly access reviews had previously struggled, with only 30% completion rates and frequent auditor criticism. By simplifying campaigns, presenting entitlements in plain business language, and automating reminders, certification rates climbed to 62%. Importantly, the process continued to mature beyond the project, eventually reaching an 84% completion rate 18 months after conclusion. Managers could make better decisions, faster, and evidence packs stood up to regulatory scrutiny under GDPR, SOX, and PCI DSS.
  • Audit findings reduced
    Weak identity controls had resulted in over 20 key audit findings. Following Onaware’s realignment, controls were embedded directly into business as usual processes, and reporting was automated. Findings fell to just 3, giving the business confidence that auditors could see consistent, repeatable governance in action.
  • Lower costs
    Beyond risk and efficiency gains, the programme also reduced cost. By retiring the legacy toolset and replacing manual processes with automation, the retailer saved more than $1 million annually. IT and security teams were able to refocus on proactive risk management and strategic projects rather than repetitive administration.

Together, these results shifted identity governance from a persistent problem to a source of business value, strengthening compliance, enabling agility, and protecting the retailer’s global brand reputation.

The Full Story

A stalled identity governance programme holding the business back

A luxury retail brand depends on agility. Seasonal ranges, flagship store events, and peak trading windows demand rapid workforce scaling. Yet the client’s identity governance programme had stalled. Manual processes and an ineffective toolset created friction for employees, compliance risk for executives, and mounting frustration across IT and security.

Stabilising leaver risk and restoring access control

Onaware began with a rapid recovery assessment. The priority was to stabilise critical risks, starting with leaver processes to close the 40% of accounts left active after departures. Shared credentials were retired, replaced with named accounts and break glass processes that restored accountability without slowing store operations.

Building a sustainable identity governance foundation

Next, we established HR as the source of truth and automated joiner flows across HR, POS, ERP, Finance, and E commerce systems. Role based access controls simplified entitlement management for store associates, supervisors, managers, and corporate roles. Movers automatically triggered role swaps, and Day 1 access was achieved for 78% of seasonal hires.

Improving access certification and compliance outcomes

Access certifications were redesigned to be usable, with plain language roles and automated reminders. Completion rates improved from 30% to 62% during the project, and the new process proved sustainable. Eighteen months later, certification completion had risen further to 84%, showing lasting improvement in governance maturity. Segregation of Duties policies were introduced to address high risk combinations in finance and retail systems, further strengthening audit outcomes.

Delivering measurable results and business value

Throughout the 12 month engagement, Onaware delivered in lean, phased increments. This restored momentum and confidence, turning a failing programme into a business enabler. Measurable outcomes included onboarding reduced from 5 days to 4 hours, 90% of stale accounts eliminated, and audit findings cut from more than 20 to just 3.

The financial benefits were equally significant. Automation and the retirement of legacy tooling delivered annual operating savings in excess of $1 million, while freeing IT and security teams from manual effort.

Identity as an enabler for growth and agility

For the retailer’s leadership team, the greatest value was risk reduction. Governance that once lagged behind the pace of retail now flexes seamlessly with workforce demand. The business has a sustainable foundation to extend governance further, into cloud services, zero trust adoption, and future digital initiatives.

Identity has shifted from a blocker to an enabler, protecting the brand while supporting the agility that luxury retail demands.