[Log In] []

Exploring the science and magic of Identity and Access Management
Sunday, June 16, 2024

IAM Project Governance – Cooperative Execution

Author: Mark Dixon
Saturday, March 23, 2013
5:19 pm


Back in November 2009, I wrote a post entitled, Best Practices for the IAM/Compliance Journey that outlined 13 recommended practices to improve the probability of success in implementing IAM systems.  One of the recommended practices was “Establish a Governance Process”:

Compliance efforts affect a broad spectrum of an enterprise. Stakeholders from many organizations, often with conflicting priorities, have vested interests in the outcomes of a compliance strategy. The governance process must provide representation from the impacted functional areas of the organization. A governance board should have appropriate representation from IT, security, audit, application owners, human resources, business process owners and applicable business associates. The board should be accountable for the project objectives and be vested with authority to make program decisions. The board should be empowered to 1) establish a statement of purpose for the program, 2) promote and give visibility to the program throughout the larger organization, 3) act as a mechanism for quickly making decisions regarding program scope, issues, and risks, and 4) monitor the program health on an ongoing basis.

This recommendation certainly still holds true.  It refers to the type of Strategic Governance that should be an integral part of a company’s IAM strategy, ensuring that IAM technology is aligned with and supports a company’s business objectives and strategy.

However, in the past few months in my work with Oracle, I have begun to crystalize my thoughts about a more tactical kind of governance, which I call IAM Project Governance.  This process is focused on how to make sure a specific project within the IAM journey stays on track and meets specific tactical objectives under the umbrella of the company’s IAM strategy.

IAM Project Governance is based on four distinct, but interrelated principles in a spirit of Cooperative Execution:


The three major participants in an implementation process – Customer, Software Vendor and Systems Integration Partner – must be aligned in project objectives,  understanding of the project plan and the project schedule.  This alignment must include executive sponsors, director and management levels, and project levels from all three parties.


The three major participants must be uniformly committed to the project success, and be willing to work together to make it so.  This is real commitment, of focused attention, time, effort and resources that will lead to mutual success.


Communication must be regular, articulate, candid and open.  A regular cadence of interaction at all levels of the project leadership, from executives down throughout day-to-day project team members, must be organized executed.  It is this type of regular communication that can nip problems in the bud by giving proper attention and allocating appropriate resources before problems fester and grow out of control.


Implementing an IAM system takes focus, hardware and consistent effort.  The mechanisms for ensuring a successful project must be consistent and thorough.  Don’t let up or get com placement.  Hold each other accountable for commitments and assigned responsibilities.  

Time and time again, we have seen how these principles, if followed, can lead to success.  Yet all too often, we also see where companies try to take shortcuts in the name of tactical expediency, and fall short in their expectations for project success.

I’ll discuss more on this topic in the near future. Stay tuned.  In the mean time, Cooperatively Execute!

Comments Off on IAM Project Governance – Cooperative Execution . Permalink . Trackback URL

IAM Best Practices – Prescriptions for Success?

Author: Mark Dixon
Saturday, October 8, 2011
5:49 am

What are the most frequent requests I hear from Identity and Access Management customers?  “How can I use this stuff most effectively?”  “What are the best practices?”

Features and functions, speeds and feeds are not front and center in the dialog.  The main topic of conversation tends to revolve around the best practices for using IAM to business advantage.  What have we collectively learned that will make success easier to achieve and more predictable?

In the maturing IAM industry, we have made great strides in learning how to install and configure IAM technology.  Many companies have learned how to derive business value from IAM.  Unfortunately, we haven’t done a good job of consistently documenting and sharing the experiences we have all gained in making it all really work. We have not consistently distilled experience gained into prescriptive recipes for success.  Customer success stories provide good anecdotal evidence, but fall short of being prescriptions for success.  We have precious few white papers that focus on how to make things work, rather than on extolling features and functions.

It would be an interesting exercise to interview a wide range of companies that have implemented IAM, derive from that body of collective knowledge what really works and what doesn’t, and present that information in a set of best practices that can help others succeed.  Book idea? We’ll see.


Comments Off on IAM Best Practices – Prescriptions for Success? . Permalink . Trackback URL
WordPress Tags: ,
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.