Every large enterprise has employees who need some level of access to its critical information resources, and many also provide a wide variety of types and levels of access to contractors, partners, vendors, and customers. Each of these points of access represents a source of potential business and compliance risk. The process by which access entitlements and roles are authorized, reviewed, certified, and periodically re-certified is critical to an organization’s ability to meet compliance standards and to protect itself against access-related business risks. These are both continuing challenges that require a sustainable process.

This paper outlines how to establish a genuinely sustainable access certification process within large enterprises.