Identity and access management (IAMT)
Manages identity verification and access permissions within organisational systems and environments.
Revision notes
Updates for SFIA 9
- This is a new skill introduced in SFIA 9.
- Theme(s) influencing the updates for this new skill: Support for cyber security working practices (both specialised and general), Making SFIA easier to consume (new levels).
- Previous SFIA assessments or skills mapping of other SFIA skills may be impacted by this new skill. See also Security operations.
Guidance notes
Activities may include, but are not limited to:
- implementing identity and access management (IAM) frameworks in line with organisational goals and compliance with regulations like GDPR, HIPAA, or SOX
- streamlining user authentication with single sign-on solutions and enhancing security with multi-factor authentication
- managing user access rights from onboarding to offboarding, including integration with cloud services, enterprise applications and directory services like LDAP or Active Directory
- using role-based and attribute-based access controls to manage user privileges and access, aligning with organisational roles and attributes
- implementing privileged access management tools for secure monitoring and control of critical asset access
- handling incident responses related to access issues, like unauthorised access or identity theft
- regularly auditing access to maintain security and compliance
- conducting identity governance and administration to enforce policies, managing digital identities including user accounts, groups and roles.
Understanding the responsibility levels of this skill
Where lower levels are not defined...
- Specific tasks and responsibilities are not defined because the skill requires a higher level of autonomy, influence, and complexity in decision-making than is typically expected at these levels. You can use the essence statements to understand the generic responsibilities associated with these levels.
Where higher levels are not defined...
- Responsibilities and accountabilities are not defined because these higher levels involve strategic leadership and broader organisational influence that goes beyond the scope of this specific skill. See the essence statements.
Developing skills and demonstrating responsibilities related to this skill
The defined levels show the incremental progression in skills and responsibilities.
Where lower levels are not defined...
You can develop your knowledge and support others who do have responsibility in this area by:
- Learning key concepts and principles related to this skill and its impact on your role
- Performing related skills (see the related SFIA skills)
- Supporting others who are performing higher level tasks and activities
Where higher levels are not defined...
- You can progress by developing related skills which are better suited to higher levels of organisational leadership.
Levels of responsibility for this skill
1 | 2 | 3 | 4 | 5 | 6 |
Identity and access management: Level 1
Performs basic identity and access management tasks, including user account lifecycle management, under supervision.
Maintains accurate records and follows established identity and access management protocols.
Identity and access management: Level 2
Provides assistance for identity and access management operations, including automated role allocation and access control management.
Engages in user identity lifecycle management, including account creation and deletion.
Facilitates operation of identity and access management tools and self-service portals.
Identity and access management: Level 3
Administers standard identity and access management services, implementing policies and resolving related issues.
Manages monitoring, audits and logging for identity and access management systems. Investigates minor security breaches in accordance with established procedures related to identity and access management.
Assists users in defining their access rights and privileges. Designs and implements simple identity and access management solutions, enhancing user access security. Contributes to the enhancement and optimisation of existing identity and access management processes and systems.
Identity and access management: Level 4
Designs and implements complex identity and access management solutions, focusing on automated access control and role allocation.
Oversees the integration of identity and access management services with new technologies.
Provides specialised support for complex identity and access management operations and supports implementation of policies and standards.
Collaborates with stakeholders to align identity and access management with business objectives and emerging security trends.
Identity and access management: Level 5
Offers authoritative advice on identity and access management, ensuring services align with and support evolving business needs and security protocols.
Manages large-scale identity and access management initiatives and oversees the integration of identity and access management services with new technologies, enhancing security and operational efficiency.
Leads operational planning for identity and access management, anticipating future trends and preparing the organisation for scalable growth.
Ensures compliance of identity and access management systems and oversees advanced monitoring and audit processes.
Identity and access management: Level 6
Shapes and defines organisation-wide identity and access management policies, ensuring alignment with business strategies and security requirements.
Champions good practices, advocating for robust and innovative identity and access management solutions across the organisation.
Influences and guides organisational governance, integrating emerging technologies and regulatory compliance into identity and access management strategies.
Reviews and advises on identity and access management aspects and implications of new business initiatives.