Home » ITIL » Access Management: Ensuring the Security of Your IT Services

Access Management: Ensuring the Security of Your IT Services

Cybersecurity TrainingThe Information Technology Infrastructure Library® (ITIL®) has grown in popularity among service providers across the globe. The framework offers service providers a practical structure that helps them discover, plan, deliver, and support IT services effectively and efficiently.

However, with the growing demand for IT security, ITIL’s latest version, Version 3, added a process which ensures the security of IT services – Access Management.


Access Management allows authorized users access to a service while preventing unauthorized users from accessing it. This helps organizations safeguard the confidentiality, availability, and integrity of their data and IT assets.

Sub-Processes of Access Management

Access Management can be divided into two sub-processes:

  • Maintain Catalog of User Roles and Access Profiles – This catalog lists all the roles in the organization and which services support each role. This is to confirm that Access Management provides the appropriate access rights to each user.
  • Manage User Access Requests – Requests for Access Rights (requests to authorize, change or revoke the right to use a service or access an asset) are processed in this stage. In addition, a check will be performed to make sure that only authorized users are allowed access.

Access Management in Action

To understand how Access Management and its sub-processes function, here are six key activities in Access Management:

  • Requesting Access – Requests for access or restriction can only come from a few sources: a standard request produced by the Human Resource system (e.g., when someone is hired, promoted, transferred, or leaves the company), a Request for Change, or a Service Request from the Request Fulfillment System. The procedures for requesting access can be documented in the Service Catalog.
  • Verification – Verification is performed on two levels in Access Management. The first level checks whether the user is the person who he/she claims to be, whereas the second level verifies that the user is really in need of that service.
  • Providing Rights – Once the user and his/her needs have been verified, the user will be provided the rights to fulfill his/her request.
  • Monitoring Identity Status – When a user changes roles or Identity Status, changes may need to be made. Security policies will identify these trigger events such as a job change, a promotion or demotion, a transfer, a resignation or death, a retirement, or a dismissal that may require modifications to be made to one’s access; Access Management will execute the policies in place.
  • Logging and Tracking Access – Once the user is allowed to access the information, Access Management will make sure that he/she is using their rights properly.
  • Removing or Restricting Rights – Users who aren’t allowed access will have their rights removed, whereas others who are allowed partial access will have restricted rights.

To learn how you can effectively implement Access Management in your organization, make Ashford Global IT (AGIT) your destination. Access Management is covered in both the ITIL V3 Service Operation Lifecycle course and the ITIL V3 Operational Support and Analysis (OSA) Capability course. By combining group and individual activities with informative lectures, AGIT guarantees that you will gain the right knowledge and skills required to succeed in Access Management!


Tags: , ,

About this author:


Frank is a leading trainer in IT Security.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.