Identity and Access Governance 2020-08-21T16:56:24+02:00

Identity and Access Governance

In an ever-open and interconnected world, access granted into your Information System is an entry point which poses a potential risk for malicious act.

Are you able to measure this risk and know who has access to the resources of your company?

Your internal Information System is composed of a variety of applications, some of which are in the cloud, while new external accesses are opening up (remote work, mobile applications). Therefore, it becomes crucial to establish a detailed, exhaustive map of the rights of your organization from identities to granted rights.


Who has access to what? How and why? These questions are the core of the Identity and Access Governance process. Beyond simple mapping, the life cycle of identities of your organization must be checked to ensure the relevance of granted rights. Good identity and access governance is necessary to:

  • Make sure the processes of assigning rights are respected;
  • Guarantee the removal of obsolete rights in case of a departure or a transfer;
  • Grant collaborators the proper rights that match their tasks;
  • Verify that the rules of your security policy for authorizations are enforced by setting automatic alerts in case of violations.

These four essential points are the foundation of a good governance in compliance with regulations — which will meet the demands of your auditors. Additionally, you will reduce the risk that would come from invalid authorisations.

The problems linked to Identity and Access Governance :

Compliance for access management

An identity control tool has to be able to follow the different regulations (i.e. SOX, LSF, Bâle, PCI DSS, Solvabilité) and security standards (i.e. ISO 27001 standard)…


Mapping the current system

Do you have a project regarding authorization management? Does it involve the integration of an IAM?  The remodeling of your rights management to roles management? The implementation of an SSO?       Or perhaps the creation of an automatic rights control?…

Account reviews or access recertification

In order to prove to your auditors, whether it’s internal control or external auditors, that the rights granted to your users are legitimate, it is essential to…



IAG (Identity and Access Governance) answers, in addition, all your questions regarding…