Identity Access Management maturity test

Your interest / responsibility area ITSecurityHRMarketingBusinessDigital Services

1. What is your company’s approach for identity management for employees? a. Identity management without centralized coordination. Access rights changes/removed upon request. Often users access rights are managed in systems locally.b. Access rights are recorded. Access rights change management process in use, instructed and responsibilities named. No automated provision in use.c. Defined IAM policy (e.g. identity-based policies). Defined identity lifecycle management process for user registration with identity check, access granting, reviewing and revoking practicesd. IAM management process covers all key systems and applications. Identity lifecycle governance is in use and management processes are integrated to HR systems. User provisioning and de-provisioning in use. Granted access rights are reviewed regularly.e. Performance and cost efficiency are measured and IdM capability is continuously improved and aligned with corporate strategy.

2. Is the identity of new employees verified in connection with signing the employment contract? YesSometimesNo

3. What is your company's approach to access management for employees? a. Users are authenticated based on unique user accounts. Users may have authorized but there is variation in local implementations.b. There are common practices to authenticate and authorize client access levels or user/client privileges related to system resources including files, services, computer programs, data and application features.c. We have defined IAM policy and processes (e.g. No shared accounts, password policy set, key management is defined, strong authentication).d. We have a risk-based approach for managing access (e.g. multifactor authentication for key systems, conditional access). Authentication and authorization events are monitored.e. We have seamless access or Single-Sign-On in use in addition to self-service password and key management.

4. Are there IAM processes for handling joining, moving, and leaving employees? YesPartlyNo

5. How is privileged access handled in your organization? a. We have no centralized solution and no process.b. We don’t use shared passwords.c. We have a process pland. We have a process and centralized solution in usee. Privileged Access Management in place

6. What is your company's approach to identity management for partners, vendors, and service providers? a. Identity management without centralized coordination. Access rights changes/removed upon request. Often users access rights are managed in systems locally.b. Access rights are recorded. Access rights change management process in use, instructed and responsibilities named. No automated provision in use.c. Defined IAM policy (e.g. identity-based policies). Defined identity lifecycle management process for user registration with identity check, access granting, reviewing and revoking practicesd. IAM management process covers all key systems and applications. Identity lifecycle governance is in use and management processes are integrated to HR systems. User provisioning and de-provisioning in use. Granted access rights are reviewed regularly.e. Performance and cost efficiency are measured, and Identity Management capability is continuously improved and aligned with corporate strategy.

7. What is your company's approach to access management for partners, vendors, and service providers? a. Users are authentication based on unique user accounts. Users may have authorized but there is variation in local implementations.b. There are common practices to authenticate and authorize client access levels or user/client privileges related to system resources including files, services, computer programs, data and application features.c. We have defined IAM policy and processes (e.g. no shared accounts, password policy set, key management is defined, strong authentication).d. We have a risk-based approach for managing access, (e.g. multifactor authentication for key systems, conditional access). Authentication and authorization events are monitored.e. We have seamless access or Single-Sign-On in use in addition to self-service password and key management.

1. What kind of services are you providing online? a. Online service without social media integrationb. Online service with social media integrationc. Online service without payment solutionsd. Online services with payment solutionse. Online service including personal information (i.e. healthcare service)

2. Are you planning on extending your digital offering? NoMaybe at some pointYes

3. What is your organization’s approach to identity management for customers? a. Individual solutions per serviceb. Centralized login solutionc. E-commerce platform d. Centralized login and profilee. Comprehensive authentication and authorization management

4. Who are you providing your services to? (multiple selection allowed) Consumers (individuals) Suppliers or vendorsPartnersIndividual contractual customersSmall or medium sized company customersLarge sized enterprise-level customersPotential consumers or customers

5. What is your major concern regarding digital identities? a. Recognizing returning visitorsb. Increasing conversion rate of unknown users to customersc. Providing convenience to the user experience with easy registration and login optionsd. Authorizing access to services capabilities and policy managemente. Wanting to become the forerunner of IAM

Email address

Comments