Access Management - The process responsible for allowing Users to make use of IT Services, data or other Assets. Access Management helps to protect the Confidentiality, Integrity and Availability of Assets by ensuring only authorized Users are able to access / modify the Assets.
Access Management is sometimes referred to as Rights Management or Identity Management.
Having provided the definition above we also need to provide the definition an Asset:
Asset - Assets of a Service Provider include anything that could contribute to the delivery of a Service. Types of Assets include:
- Management
- Organization
- Process
- Knowledge
- People
- Information
- Applications
- Infrastructure
- Financial Capital
Access Management is an execution of Security and Availability Management, who are responsible for defining the appropriate roles. Seldom does an 'Access Manager' exist in an organization. It is important to have a single Access Management process and a single set of policies related to managing rights and access. It is likely that the process and polices are defined and maintained by Information Security Management and operated by:
Service Desk - Access requests are generally provided via Service Requests. Service Desk will validate the request by checking it is appropriately approved, the user is a legitimate employee, contractor or customer and qualify for access.
The Service Desk may be delegated responsibility for providing access or may pass to the appropriate team.
The Service Desk communicates with the user when access is granted and provides appropriate support as required.
Technical / Application Management - These teams provide several important roles within the ITIL Lifecycle.
During Service Design ensure mechanisms are created to simplify and control Access Management for each service that is designed, together with specifying how abuse of rights are detected and stopped.
At Service Transition they will test the service to ensure that access can be granted, controlled and prevented as designed.
In Service Operation perform Access Management, ensuring that procedures are defined and executed according to the process and policy requirements. In addition respond to incidents and problems related to Access Management
Provide adequate training to the Service Desk / IT Operations Management, ensuring staff have access to the appropriate tools to enable them to perform the required tasks.
IT Operations Management - It is common for Access Management tasks to be delegated to IT Operations Management. Operators will be tasked for providing or revoking access to key systems or resources. The circumstances under which they do so, and instructions for how to do so, must be included in the Standard Operating Procedures (SOPs).