Bringing structure and control to authorisation management in a customer information system

Brabant Water supplies drinking water to more than 2.7 million people across the province of Noord-Brabant, supported by an extensive customer information system with access rights spread across multiple departments and roles. As the system expanded over time, so did the complexity of its authorisation landscape, creating risks around access governance, segregation of duties, and audit readiness.

The underlying issue was familiar but difficult to resolve: access had grown organically, accountability was unclear, and the organisation lacked a structured framework to understand, justify, and improve the situation.

The challenge

The existing authorisation setup offered insufficient visibility into who had access to which functionality, and on what basis. Potential conflicts of interest, gaps in control mechanisms, and a limited audit trail meant the system no longer met internal compliance requirements or the expectations of external auditors.

Blackbear's role

The assignment was carefully scoped at the intersection of operational need, risk management, and compliance, three disciplines that rarely come together in a single profile. Blackbear identified a specialist with demonstrable experience in RBAC implementations within regulated environments, and supported the process to ensure smooth collaboration across five internal departments and a final result that would be both credible and practically usable.

Result

The engagement produced a fully developed RBAC role model, complete with a risk matrix mapped to roles and access rights. Stakeholders across Legal, Audit & Risk, Finance, and Functional Management were actively involved throughout, with findings presented in a closing session. The resulting implementation plan and accompanying documentation are immediately transferable for internal management and ready for future audits.