Home » ITIL » Understanding Access Management

Understanding Access Management

Access Management is the process of granting authorized users the right to use a service while restricting access to non-authorized users. This Service Operation process enables the organization to manage the privacy, accessibility and reliability of the organization’s data and intellectual property.

Access Management helps organizations in the following ways:

  • Controlled access to services ensures that the organization is effectively maintaining the confidentiality of its information
  • Employees have the right level of access in order to perform their jobs effectively
  • There is less probability of errors being made in data entry or in the use of a critical service by an unskilled user
  • Access Management has the ability to audit the use of services and trace the abuse of services
  • Access Management can easily revoke or limit an user’s access rights when needed

Now let’s move on the inner workings of Access Management. Access Management is a multiple step process which consists of requesting access, verification, providing rights, monitoring identity status, tracking access, and removing or restricting access:

  • Requesting Access: Whenever an employee starts a job, is promoted, transfers or leaves the company, a Standard Request is initiated by the Human Resources system. Other methods of requesting access include a Request for Change, a Service Request (submitted through the Request Fulfillment system), and performing a pre-authorized script.
  • Verification: It is the duty of Access Management to verify every request for access to an IT service from two perspectives. First, the user requesting access must be who they say they are. Second, the user must have an entitlement to use that service.
  • Providing Rights: Access Management does not decide who has access to which IT services. Rather, this process executes the policies and regulations defined during Service Strategy and Service Design. Once a user has been verified, Access Management gives that user the right to use the requested service.
  • Monitoring Identity Status: Over time, an employee may change roles in the organization. With such changes, the user’s need to access services may need to be adjusted as well. Examples of role changes include a job change, promotion, demotion, transfer, resignation, death, retirement, disciplinary action, or dismissal. Access Management is responsible for ensuring that users have the correct amount of access at all times.
  • Logging and Tracking Access: Access Management will monitor users and their activities to make sure that users are not abusing their access.
  • Removing or Restricting Access: Access Management is also responsible for removing or restricting users’ access to services. Once again, Access Management does not make these decisions but, instead, executes the policies and regulations defined during Service Strategy and Service Design as well as decisions made by managers within the organization.

Contact Ashford Global IT today for more information on how Access Management can benefit your organization!

 

About this author:

Angel Prusinowski

Angel is a leading ITIL® instructor at Ashford Global IT.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.