IDnext working group committee has conducted a white paper commissioned by the IDnext foundation, that describes the basic principles that a company can utilise to gain control; presuming an ideal situation is attainable.
The necessity for companies to be “in control” of data protection results into a vast amount of projects dealing with Identity Management and Access Control. Implementation of several IAM suites is often the preferred option. Unfortunately, in practice implementing tools or structuring processes is not enough to get “in control”.
With the increase of laws and regulations, initially emerging as a result of stock market scandals, but subsequently resulting from the current credit crunch, the necessity for organizations to demonstrate that they are “in control” of their operational management grows exponentially. Increasingly, organizations are forced to structure the internal organisation more strictly by adjusting protocol (for instance introducing lean process management techniques) and formulating reports in which accountability can be proved to supervisors.
In order to put the Control problem into perspective and offer solution guidelines, the Identity.Next working group is providing a new vision on Access Governance within a document, assuming that an ideal situation can enable the creation of control measures up to an operational level. And we adhere to some best practices and frameworks (such as ArchiMate patterns) to make implementation fit in the current practice.
Access Governance is the governing philosophy for data protection in which Identity Management and Access Control, but also ownership and responsibility (especially liability!) for the unambiguous application of access control, fall within one organisation. In order to achieve this, certain organisational and technical measurements are evidently necessary.
Interested in this document? please send us an e-mail