TopSec

Automated. Compliant. Transparent.

Avaloq Access Security Management on a higher level

With TopSec, you benefit from a powerful tool that largely automates your access authorization process for functional roles—eliminating the risk of manual errors. Whether for a release in the test environment or a hotfix in production, TopSec ensures rapid, secure deployments across all selected databases.

Web UI for automated access security management (based on Oracle APEX)

Workflow- and order-based

Compliant with closed security and consideration of Least-Privilege» principle

Minimal effort, maximal security, full transparency

Key Benefits

TopSec transforms your security request process, manages your functional access and automates your deployments — making it faster, safer, and fully compliant. These key highlights show why leading banks trust TopSec for automated access management.

Audit Compliance

Audit-ready by adhering to the least privilege principle.

Simplification

TopSec is designed to be easily managed by business users, with minimum knowledge in security parametrization

Time Savings

Reduce the time spent on security requests by 85% or more (depending on the current level of automation).

Security

Eliminate risky manual interventions.

Transparency

Maximum transparency and traceability through auditing of the entire order- and workflow-based process.

Automation

Easy and fast to use thanks to automated script generation, technical verification, and deployment.

Our approach

At asubium, we take a holistic and pragmatic approach to access security.

With TopSec, we don’t just offer a tool— we deliver a solution that streamlines your security process while boosting automation, compliance, and efficiency.

Security Process Optimization

TopSec eliminates manual, error-prone steps in your security request process. Automated workflows break down complex tasks into verifiable, auditable actions—saving time and reducing operational risk.

Access Governance

We help banks establish clear role structures with strict adherence to the Least Privilege Principle. Functional and data roles are separated, and inconsistencies are prevented through built-in validations and compliance checks.

Seamless Integration & Compliance

TopSec integrates effortlessly with your existing infrastructure—from ticketing systems to IAM tools. Every step - from request to deplyment - is fully traceable and FINMA-compliant.

Frequently Asked Questions

About our security tool TopSec

How does TopSec support and enforce the principle of Least Privilege?

Under a closed security model, all role change requests are processed through TopSec orders.. Each request must be approved in advance by the security officer and, if necessary, by the role owner. TopSec also helps banks identify and easily remove unused access permissions. This ensures the principle of least privilege is maintained throughout the entire lifecycle of a role.

How does TopSec ensure that security fixes are applied and maintained throughout the release cycle up to production deployment?

TopSec requests are managed through orders. Orders can be created for specific releases and are maintained by the designated security officer. All orders associated with a given release will be automatically deployed to the assigned test databases. Once the release has been deployed to the production environment, all corresponding TopSec orders for that release will also be deployed to production, completing the release cycle.

How does TopSec empower business users to effectively manage security?

All critical process steps are fully automated in TopSec, eliminating the need to develop security scripts. Existing dependencies between security elements—such as task templates, task layouts, and task definitions—are already integrated into the TopSec logic and are managed automatically. With its modern design and intuitive interface, TopSec empowers business users to manage Avaloq security from their own perspective. Thanks to this high level of simplification, no technical security knowledge is required anymore.

How does TopSec validate and ensure that security requests are appropriate and compliant?

Every security request originates from a ticket in the ticketing system. Each TopSec order is always linked to the corresponding ticket, enabling the approver to verify that the request aligns with the intended security changes. Additional safeguards are implemented to ensure compliance: for example, security changes can only be requested for existing security elements, and inconsistent yet technically possible grants are automatically prevented by TopSec. Furthermore, various logs and reports support compliant and efficient management of security changes.

Does TopSec provide options for implementing multiple approval levels for security changes

By default, TopSec supports two levels of approval. Each request initiated by the requester is approved and processed by the executor. Additionally, requests can be routed in advance to the relevant role owner for more granular approval, if required.