Identity & Access Management (IAM)

Identity & Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. It is a complex process consisting of various policies, procedures, activities and technologies that require the coordination of many University wide groups such as ITS, Human Resources and Operations.

IAM attempts to address three important questions:

Who has access to what information? 

A robust identity and access management system will help the University not only to manage digital identities, but to manage the access to resources, applications, and information these identities require as well.

Is the access appropriate for the job being performed? 

This element takes on two facets.  First, is this access correct and defined appropriately to support a specific job function?  Second, does access to a particular resource conflict with other access rights, thus posing a potential segregation of duties problem?

Is the access and activity monitored, logged, and reported appropriately? 

In addition to benefiting the user through efficiency gains, IAM processes should be designed in a manner that supports regulatory compliance.  Access rights must be defined, documented, monitored, logged, and reported appropriately.

Current Risk the IAM Program is addressing:

  • Exposure, inappropriate access or loss of sensitive data
  • Challenges in meeting compliance requirements
  • Difficulties in pursuing IT strategy and meeting institutional needs for new and improved IT services.
  • Operational inefficiency
  • Inefficient and ineffective processes

IAM Policies, Standards & Documentation

Please visit the IAM web section for more information.