Identity and access management IAMT

Manages identity verification and access permissions within organisational systems and environments.

Revision notes

Updates for SFIA 9

This is a new skill introduced in SFIA 9.
Theme(s) influencing the updates for this new skill: Support for cyber security working practices (both specialised and general), Making SFIA easier to consume (new levels).
Previous SFIA assessments or skills mapping of other SFIA skills may be impacted by this new skill. See also Security operations.

Guidance notes

Activities may include, but are not limited to:

implementing identity and access management (IAM) frameworks in line with organisational goals and compliance with regulations like GDPR, HIPAA, or SOX
streamlining user authentication with single sign-on solutions and enhancing security with multi-factor authentication
managing user access rights from onboarding to offboarding, including integration with cloud services, enterprise applications and directory services like LDAP or Active Directory
using role-based and attribute-based access controls to manage user privileges and access, aligning with organisational roles and attributes
implementing privileged access management tools for secure monitoring and control of critical asset access
handling incident responses related to access issues, like unauthorised access or identity theft
regularly auditing access to maintain security and compliance
conducting identity governance and administration to enforce policies, managing digital identities including user accounts, groups and roles.

Understanding the responsibility levels of this skill

Where lower levels are not defined...

Specific tasks and responsibilities are not defined because the skill requires a higher level of autonomy, influence, and complexity in decision-making than is typically expected at these levels. You can use the essence statements to understand the generic responsibilities associated with these levels.

Where higher levels are not defined...

Responsibilities and accountabilities are not defined because these higher levels involve strategic leadership and broader organisational influence that goes beyond the scope of this specific skill. See the essence statements.

Developing skills and demonstrating responsibilities related to this skill

The defined levels show the incremental progression in skills and responsibilities.

Where lower levels are not defined...

You can develop your knowledge and support others who do have responsibility in this area by:

Learning key concepts and principles related to this skill and its impact on your role
Performing related skills (see the related SFIA skills)
Supporting others who are performing higher level tasks and activities

Where higher levels are not defined...

You can progress by developing related skills which are better suited to higher levels of organisational leadership.

Click to learn why SFIA skills are not defined at all 7 levels.

Show/hide extra descriptions and levels.

Levels of responsibility for this skill

Identity and access management: Level 1

Level 1 - Follow: Essence of the level: Performs routine tasks under close supervision, follows instructions, and requires guidance to complete their work. Learns and applies basic skills and knowledge.

Performs basic identity and access management tasks, including user account lifecycle management, under supervision.

Maintains accurate records and follows established identity and access management protocols.

Identity and access management: Level 2

Level 2 - Assist: Essence of the level: Provides assistance to others, works under routine supervision, and uses their discretion to address routine problems. Actively learns through training and on-the-job experiences.

Provides assistance for identity and access management operations, including automated role allocation and access control management.

Engages in user identity lifecycle management, including account creation and deletion.

Facilitates operation of identity and access management tools and self-service portals.

Identity and access management: Level 3

Level 3 - Apply: Essence of the level: Performs varied tasks, sometimes complex and non-routine, using standard methods and procedures. Works under general direction, exercises discretion, and manages own work within deadlines. Proactively enhances skills and impact in the workplace.

Administers standard identity and access management services, implementing policies and resolving related issues.

Manages monitoring, audits and logging for identity and access management systems. Investigates minor security breaches in accordance with established procedures related to identity and access management.

Assists users in defining their access rights and privileges. Designs and implements simple identity and access management solutions, enhancing user access security. Contributes to the enhancement and optimisation of existing identity and access management processes and systems.

Identity and access management: Level 4

Level 4 - Enable: Essence of the level: Performs diverse complex activities, supports and guides others, delegates tasks when appropriate, works autonomously under general direction, and contributes expertise to deliver team objectives.

Designs and implements complex identity and access management solutions, focusing on automated access control and role allocation.

Oversees the integration of identity and access management services with new technologies.

Provides specialised support for complex identity and access management operations and supports implementation of policies and standards.

Collaborates with stakeholders to align identity and access management with business objectives and emerging security trends.

Identity and access management: Level 5

Level 5 - Ensure, advise: Essence of the level: Provides authoritative guidance in their field and works under broad direction. Accountable for delivering significant work outcomes, from analysis through execution to evaluation.

Offers authoritative advice on identity and access management, ensuring services align with and support evolving business needs and security protocols.

Manages large-scale identity and access management initiatives and oversees the integration of identity and access management services with new technologies, enhancing security and operational efficiency.

Leads operational planning for identity and access management, anticipating future trends and preparing the organisation for scalable growth.

Ensures compliance of identity and access management systems and oversees advanced monitoring and audit processes.

Identity and access management: Level 6

Level 6 - Initiate, influence: Essence of the level: Has significant organisational influence, makes high-level decisions, shapes policies, demonstrates leadership, promotes organisational collaboration, and accepts accountability in key areas.

Shapes and defines organisation-wide identity and access management policies, ensuring alignment with business strategies and security requirements.

Champions good practices, advocating for robust and innovative identity and access management solutions across the organisation.

Influences and guides organisational governance, integrating emerging technologies and regulatory compliance into identity and access management strategies.

Reviews and advises on identity and access management aspects and implications of new business initiatives.

Level 7

Level 7 - Set strategy, inspire, mobilise: Essence of the level: Operates at the highest organisational level, determines overall organisational vision and strategy, and assumes accountability for overall success.

New skill Split