IAM Advisory Services

 Summary of Services: Provide Client with an Identity and Access Management (“IAM”) Maturity Assessment Program (“MAP”) benchmark service, and optional add-on Services: Option 1-Use Cases and Gaps Discovery; Option 2-Architecture for Future State, with IAM Strategy and Roadmap; and Option 3-Product or Tool Vendor Selection.


Scope of Maturity Assessment Program Services: 

Simeio will review eight (8) levers across all of IAM which contain the seventy-seven (77) most important measures a technology leader can use to evaluate the progress of their IAM program.  These eight (8) levers, the description, and number of Measures are: 

| # | Name | Description | Qty of Measures |
|---|------|-------------|-----------------|
| 1 | User Identity Stores | The sources of user(s) identities are effectively and efficiently organized to manage the number and accuracy of stores of user information across the enterprise that will be used for downstream provisioning, authentication, or credential management. | 7 |
| 2 | User Account Provisioning | Account provisioning is the process of creating user accounts for systems and applications across the enterprise. | 12 |
| 3 | Credential Management | Managing credentials or passwords includes the initial creation, reset processes, and establishes appropriate standards and policies. | 8 |
| 4 | Authentication and Authorization | Authentication and authorization are the processes of proving who an individual is and that the individual is appropriately authorized to access information. | 9 |
| 5 | Identity Governance | Identity governance or role and compliance management is a set of processes that allows system owners to easily understand access rights, pro-actively manage user roles and privileges, and also satisfy possible audit and compliance requirements. | 11 |
| 6 | Reporting and Auditing | Fully featured IAM reporting and auditing provides a robust set of capabilities that can track all user life cycle activities, report the data for auditing and key metrics in a dynamic and flexible manner, and integrate the data into security intelligence tools for further correlation and analysis. | 12 |
| 7 | Operations | A mature IAM operational model includes having a scalable, redundant architecture and infrastructure, the right on-premises vs. cloud mix, and the people and processes required to manage, operate, and support an IAM program. | 10 |
| 8 | Program Governance | An IAM governance program enables the enterprise to plan, establish, enforce, and review the plans, policies, and procedures an enterprise will leverage to advance to a fully mature state. | 8 |
| | Total | | 77 |

The MAP will be delivered by Simeio in a workshop format with Client stakeholders over the course of one (1) or two (2) days.

Results will be provided in a PowerPoint format to include a score from “poor” to “best” for each lever at the strategic level, and for each of the measures at the tactical level (see Deliverables section below).  

Optional Add-on Services:

Option 1.  Use Cases and Gaps Discovery (AS-MAP-UCGD-02)

The Use Cases and Gaps Discovery assessment will span across Identity Governance and Administration (“IGA”), Access Management (“AM”), Privileged Access Management (“PAM”), and if applicable, Customer Identity and Access Management (“CIAM”).  This scope will include the prioritization of use cases; identification and design of the high-priority processes; identification and listing of the associated policy and process gaps to fulfill the business’ needs across IAM; and the gaps in technology and tools that are utilized across the IAM ecosystem.

Option 2.  IAM Strategy, Program Roadmap, and Architecture Framework (AS-MAP-STPRAF-03)

Building on the MAP workshop results along with the results from the Use Cases and Gaps Discovery, a client-specific strategy for a holistic IAM transformation program is created.  The strategy will be supported by current state architecture, a roadmap of tactical and strategic projects, the implementation visual and approach, and a preliminary program budget.  Defining the future state architecture and interim-state architecture for the next two to three (2-3) years completes this Option.

Option 3.  Technology Vendor Selection (AS-MAP-TVS-04)

Leveraging the results from the Use Cases and Gaps Discovery, we assist the Client in selecting appropriate vendors for the technology/tools needed in IGA, AM, PAM or CIAM.  If more than one capability tool is needed, this scope will be duplicated for that capability, for example IGA and PAM.

Simeio Roles and Responsibilities

MAP

| Role | Responsibility |
|------|----------------|
| Simeio Sales and Relationship Manager | • Overall relationship management. • Engage with the Client team on forward looking opportunities. |
| Solutions Engineer | • Define scope requirements, use cases, needs suitable to close gaps. |
| IAM Solutions Advisor | • Provide subject matter expertise and lead the overall assessment. • Assist with review of deployed processes and operational procedures. • Deliverable development. • Responsible for interfacing with executive leadership. • Overall accountability for quality of Deliverables. |

Option 1: Use Cases and Gap Discovery

| Role | Responsibility |
|------|----------------|
| Simeio Sales and Relationship Manager | • Overall relationship management. • Engage with the Client team on forward looking opportunities. |
| Project Manager | • Oversee overall project team. • Manage Deliverables schedule and dependencies. • Review Deliverables prior to delivery to Client. |
| Business Analyst | • Conduct discovery of current state, people, and process. • Conduct workshops regarding future state. • Document findings and gaps. • Document recommended roadmap. |
| IAM Architect | • Architecture and design review. • Oversee technical analysis and roadmap activities. • Provide domain expertise. |
| IAM Solutions Advisor | • Provide subject matter expertise and lead the overall assessment. • Assist with review of deployed processes and operational procedures. • Assist with creation of roadmap. • Deliverable development. • Provide expertise around operations and governance setup. • Responsible for interfacing with executive leadership. • Overall accountability for quality of deliverables. |

Option 2: IAM Strategy, Program Roadmap, and Architecture Framework 

Option 3: Technology Vendor Selection

| Role | Responsibility |
|------|----------------|
| Simeio Sales & Relationship Manager | • Overall relationship management. • Engage with the Client team on forward looking opportunities. |
| Solutions Engineer | • Defining scope requirements, use cases, needs suitable to close gaps. • Defining solutions and pricing. • Creating contract. |
| Project Manager | • Oversee overall project team. • Manage Deliverables schedule and dependencies. • Review Deliverables prior to delivery to Client. |
| Business Analyst | • Conduct discovery of current state, people, and process. • Conduct workshops regarding future state. • Document findings and gaps. • Document recommended roadmap. |
| IAM Architect | • Architecture and design review. • Oversee technical analysis and roadmap activities. • Provide domain expertise. |
| IAM Solutions Advisor | • Provide subject matter expertise and lead the overall assessment. • Assist with review of deployed processes and operational procedures. • Assist with creation of roadmap. • Deliverable development. • Provide expertise around operations and governance setup. • Responsible for interfacing with executive leadership. • Overall accountability for quality of deliverables. |

Timeline

Milestones

| Product | Milestone | Estimated date |
|---------|-----------|----------------|
| MAP | MAP Workshop Completed | Kickoff + 5 Days |
| Option 1: Use Cases and Gap Discovery | Use Cases Defined Per IAM Capability (IGA, AM, PAM, and CIAM). | Kickoff + 2 Weeks |
| Option 1: Use Cases and Gap Discovery | Processes designed and documented. | Kickoff + 3 Weeks |
| Option 1: Use Cases and Gap Discovery | Gaps Analysis Completed and Deliverables Reviewed with Client. | Kickoff + 5 Weeks |
| Option 2: IAM Strategy, Program Roadmap, and Architecture Framework | Strategy defined and documented. | Kickoff + 6 Weeks |
| Option 2: IAM Strategy, Program Roadmap, and Architecture Framework | Roadmap projects and preliminary program budget defined with Architecture diagrams. | Kickoff + 8 Weeks |
| Option 2: IAM Strategy, Program Roadmap, and Architecture Framework | Final deliverables reviewed and accepted by Client. | Kickoff + 9 Weeks |
| Option 3: Vendor Selection | Vendors criteria defined and vendors selected. | Kickoff + 10 Weeks |
| Option 3: Vendor Selection | Vendor scoring, pricing and decision recommendation. | Kickoff + 12 Weeks |

Deliverables

Deliverables
MAP
 1 – Graphical representation of the 8-levers score (1-10).
 1 – Heat map of each lever and question to emphasize items to address.
 1 – Prioritized list of scored benchmark items to address and the comparative Best Practice score.
 1 – Documented tactical (short-term) and long-term improvements agreed with Client during the workshop.
Deliverables in Microsoft PowerPoint
Option 1. Use Cases and Gaps Discovery
• Inventory of prioritized use cases
• 5-10 high priority processes defined
• List of associated policy, process, business needs gaps
• Technology gap assessment
• Deliverables in Microsoft PowerPoint
Option 2. IAM Strategy, Program Roadmap, and Architecture Framework
• Current state architecture
• Tactical project listing
• Strategic project listing
• Implementation approach visualization
• Preliminary program budget
• Future state architecture
• Interim state architecture(s)
• Deliverables in Microsoft PowerPoint
Option 3. Technology Vendor Selection
Optional service depending on Gaps, Program Roadmap and assistance required
Identification of qualification criteria or use cases for vendors and the IAM software tools required (MS Excel)
Identification of scoring criteria and scoring matrix (MS Excel)
Vendor engagement – Recorded meetings with MS Teams and Meeting Notes in MS Word
Vendor scoring results for scoring criteria and use-cases (MS Excel and PowerPoint)
Vendor pricing and comparison (MS PowerPoint)
Vendor selection recommendation / decision guidance (MS PowerPoint)

Client Roles and Responsibilities

MAP

| Role | Responsibilities | Effort |
|------|------------------|--------|
| Human Resources (“HR”) | Data flowing from HR begins, ends and modifies user access. | 8 Hours |
| Architects | Enterprise and Security Architects that understand the overall Information Technology landscape and key integration implications. | 8 Hours |
| Business Application Owners | Business application stakeholders that need rapid and efficient employee or customer access and can define access roles. | 8 Hours |
| Compliance/Internal Audit | Compliance, Audit, Legal and data privacy and governance stakeholders. | 8 Hours |
| Helpdesk | Helpdesk and support staff who know the problems and can influence process improvement. | 8 Hours |
| IT Networking, Security, Infrastructure and Telecom | Infrastructure, Network, Security Administrators who manage security and access via privileged accounts or highly privileged identities. | 8 Hours |
| AD & Cloud Teams | Resources who manage Identity attribute repositories both on premise and in the cloud. | 8 Hours |
| CISO | Key influencers and stakeholders who will approve funding and resolve conflicting priorities. | 8 Hours |
| IAM Tool / Product Owners | Owners of specific IAM tools used today who can validate extent of capabilities used. | 8 Hours |
| Project Sponsor | Responsible for budget, goals, strategy. | 1-2 Hours |

Option 1: Use Cases and Gap Discovery

| Role | Responsibilities | Effort |
|------|------------------|--------|
| Human Resources (“HR”) | Data flowing from HR begins, ends and modifies user access. | 8 Hours |
| Architects | Enterprise and Security Architects that understand the overall Information Technology landscape and key integration implications. | 8 Hours |
| Business Application Owners | Business application stakeholders that need rapid and efficient employee or customer access and can define access roles. | 8 Hours |
| Compliance/Internal Audit | Compliance, Audit, Legal and data privacy and governance stakeholders. | 8 Hours |
| Helpdesk | Helpdesk and support staff who know the problems and can influence process improvement. | 8 Hours |
| IT Networking, Security, Infrastructure and Telecom | Infrastructure, Network, Security Administrators who manage security and access via privileged accounts or highly privileged identities. | 8 Hours |
| AD & Cloud Teams | Resources who manage Identity attribute repositories both on premise and in the cloud. | 8 Hours |
| CISO | Key influencers and stakeholders who will approve funding and resolve conflicting priorities. | 8 Hours |
| IAM Tool / Product Owners | Owners of specific IAM tools used today who can validate extent of capabilities used. | 8 Hours |
| Project Sponsor | Responsible for budget, goals, strategy. | 1-2 Hours |

Option 2: IAM Strategy, Program Roadmap, and Architecture Framework 

Option 3: Technology Vendor Selection

| Role | Responsibilities | Effort |
|------|------------------|--------|
| Project Sponsor | Responsible for budget, goals, strategy. | 1-2 Hours |
| Project Manager | Plan and manage the assessment within the Client team(s). Coordinate with the Simeio Project Manager / Architect. | 8 Hours |
| IAM Solution Architect / Technical Leads | Accountable for IAM tools design, architecture, etc. | 6 Hours |

Client Responsibilities

  1. Identify names of the Client resources who perform the Client roles and responsibilities identified above and
    assist to facilitate availability, participation and attendance as needed for workshops and meetings.
  2. Provide current and existing documentation, such as build documentation on existing IAM tools, architecture,
    policies, procedures, etc. as needed by Simeio.
  3. Provide vendor contact information for existing IAM tools.

RACI Matrix:

The following RACI matrix is intended to outline the various activities that will be performed by the Client and Simeio.

| Services | Responsible | Accountable | Consulted | Informed |
|----------|-------------|-------------|-----------|----------|
| Identify stakeholders | Client | Client | Simeio | Simeio |
| Schedule workshops with Client stakeholders facilitated by Simeio | Client | Client | Simeio | Simeio |
| Conduct and facilitate workshops | Simeio | Simeio | Client | Client |
| Provide information and data as requested | Client | Simeio | Simeio | Client |
| Review data and workshop / interview and provide analysis | Simeio | Simeio | Client | Client |