Recertification (Dictionary Entry)

Context

IAM

Term

Recertification

Synonyms

Review and Certify

Definitions

A process and detective control that validates the appropriateness of user access to applications, systems, and information.

It consists of determining who is responsible for, and has the authority to, review and certify which access rights and roles; routing a recertification request to that person; having that person process the request, which means reviewing the access rights and roles and confirming that they are appropriate for the individual’s current responsibilities; and revoking all access rights and roles that are found inappropriate.

Recertification is one of the activities that contribute to the management of identities throughout their lifecycle. After initial provisioning, the identity's responsibilities, the organization, and its environment continuously evolve, making it necessary to realign the identity's access rights and roles with present requirements.

The goals of recertification are:

  • to mitigate risks linked to the use or abuse of inappropriate access rights and roles,

  • to assure and demonstrate compliance.



This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.