IAM Advisory Services
Summary of Services: Provide Client with an Identity and Access Management (“IAM”) Maturity Assessment Program (“MAP”) benchmark service, and optional add-on Services: Option 1-Use Cases and Gaps Discovery; Option 2-Architecture for Future State, with IAM Strategy and Roadmap; and Option 3-Product or Tool Vendor Selection.
Scope of Maturity Assessment Program Services:
Simeio will review eight (8) levers across all of IAM which contain the seventy-seven (77) most important measures a technology leader can use to evaluate the progress of their IAM program. These eight (8) levers, the description, and number of Measures are:
| # | Name | Description | Qty of Measures |
|---|---|---|---|
| 1 | User Identity Stores | The sources of user(s) identities are effectively and efficiently organized to manage the number and accuracy of stores of user information across the enterprise that will be used for downstream provisioning, authentication, or credential management | 7 |
| 2 | User Account Provisioning | Account provisioning is the process of creating user accounts for systems and applications across the enterprise. | 12 |
| 3 | Credential Management | Managing credentials or passwords includes the initial creation, reset processes, and establishes appropriate standards and policies. | 8 |
| 4 | Authentication and Authorization | Authentication and authorization are the processes of proving who an individual is and that the individual is appropriately authorized to access information. | 9 |
| 5 | Identity Governance | Identity governance or role and compliance management is a set of processes that allows system owners to easily understand access rights, pro-actively manage user roles and privileges, and also satisfy possible audit and compliance requirements. | 11 |
| 6 | Reporting and Auditing | Fully featured IAM reporting and auditing provides a robust set of capabilities that can track all user life cycle activities, report the data for auditing and key metrics in a dynamic and flexible manner, and integrate the data into security intelligence tools for further correlation and analysis. | 12 |
| 7 | Operations | A mature IAM operational models include having a scalable, redundant architecture and infrastructure, the right on-premises vs. cloud mix, and the people and processes required to manage, operate, and support an IAM program. | 10 |
| 8 | Program Governance | An IAM governance program enables the enterprise to plan, establish, enforce, and review the plans, policies, and procedures an enterprise will leverage to advance to a fully mature state. | 8 |
| Total | 77 |
The MAP will be delivered by Simeio in a workshop format with Client stakeholders over the course of one (1) or two (2) days.
Results will be provided in a PowerPoint format to include a score from “poor” to “best” for each lever at the strategic level, and for each of the measures at the tactical level (see Deliverables section below).
Optional Add-on Services:
Option 1. Use Cases and Gaps Discovery (AS-MAP-UCGD-02)
The Use Cases and Gaps Discovery assessment will span across Identity Governance and Administration (“IGA”), Access Management (“AM”), Privileged Access Management (“PAM”), and if applicable, Customer Identity and Access Management (“CIAM”). This scope will include the prioritization of use cases; identification and design of the high-priority processes; identification and listing of the associated policy and process gaps to fulfill the business’ needs across IAM; and the gaps in technology and tools that are utilized across the IAM ecosystem.
Option 2. IAM Strategy, Program Roadmap, and Architecture Framework (AS-MAP-STPRAF-03)
Building on the MAP workshop results along with the results from the Use Cases and Gaps Discovery a client-specific strategy for a wholistic IAM transformation program is created. The strategy will be supported by current state architecture, a roadmap of tactical and strategic projects, the implementation visual and approach, and a preliminary program budget. Defining the future state architecture and interim-state architecture for the next two to three (2-3) years completes this Option.
Option 3. Technology Vendor Selection (AS-MAP-TVS-04)
Option 3 Leveraging the results from the Use Cases and Gaps Discovery we assist the Client in selecting appropriate vendors for the technology/tools needed in IGA, AM, PAM or CIAM. If more than one capability tool is needed, this scope will be duplicated for that capability, for example IGA and PAM.
Simeio Roles and Responsibilities
Map
| Role | Responsibility |
|---|---|
| Simeio Sales and Relationship Manager | • Overall relationship management. • Engage with the Client team on forward looking opportunities. |
| Solutions Engineer | • Define scope requirements, use cases, needs suitable to close gaps. |
| IAM Solutions Advisor | • Provide subject matter expertise and lead the overall assessment. • Assist with review of deployed processes and operational procedures. • Deliverable development. • Responsible for interfacing with executive leadership. • Overall accountability for quality of Deliverables. |
Option 1: Use Cases and Gap Discovery
| Role | Responsibility |
| Simeio Sales and Relationship Manager | • Overall relationship management. • Engage with the Client team on forward looking opportunities. |
| Project Manager | • Oversee overall project team. • Manage Deliverables schedule and dependencies. • Review Deliverables prior to delivery to Client. |
| Business Analyst | • Conduct discovery of current state, people, and process. • Conduct workshops regarding future state. • Document findings and gaps. • Document recommended roadmap. |
| IAM Architect | • Architecture and design review. • Oversee technical analysis and roadmap activities. • Provide domain expertise. |
| IAM Solutions Advisor | • Provide subject matter expertise and lead the overall assessment. • Assist with review of deployed processes and operational procedures. • Assist with creation of roadmap. • Deliverable development. • Provide expertise around operations and governance setup. • Responsible for interfacing with executive leadership. • Overall accountability for quality of deliverables. |
Option 2: IAM Strategy, Program Roadmap, and Architecture Framework
Option 3: Technology Vendor Selection
| Role | Responsibility |
|---|---|
Simeio Sales & Relationship Manager | • Overall relationship management. • Engage with the Client team on forward looking opportunities. |
| Solutions Engineer | • Defining scope requirements, use cases, needs suitable to close gaps. • Defining solutions and pricing. • Creating contract. |
| Project Manager | • Oversee overall project team. • Manage Deliverables schedule and dependencies. • Review Deliverables prior to delivery to Client. |
| Business Analyst | • Conduct discovery of current state, people, and process. • Conduct workshops regarding future state. • Document findings and gaps. • Document recommended roadmap. |
| IAM Architect | • Architecture and design review. • Oversee technical analysis and roadmap activities. • Provide domain expertise. |
| IAM Solutions Advisor | • Provide subject matter expertise and lead the overall assessment. • Assist with review of deployed processes and operational procedures. • Assist with creation of roadmap. • Deliverable development. • Provide expertise around operations and governance setup. • Responsible for interfacing with executive leadership. • Overall accountability for quality of deliverables. |
Timeline
Milestones
| Product | Milestone | Estimated date |
|---|---|---|
| MAP | MAP Workshop Completed | Kickoff + 5 Days |
| Option 1: Use Cases and Gap Discovery | Use Cases Defined Per IAM Capability (IGA, AM, PAM, and CIAM). Processes designed and documented. Gaps Analysis Completed and Deliverables Reviewed with Client. | Kickoff + 2 Weeks Kickoff + 3 Weeks Kickoff + 5 Weeks |
| Option 2: IAM Strategy, Program Roadmap, and Architecture Framework | Strategy defined and documented. Roadmap projects and preliminary program budget defined with Architecture diagrams. Final deliverables reviewed and accepted by Client. | Kickoff + 6 Weeks Kickoff + 8 Weeks Kickoff + 9 Weeks |
| Option 3: Vendor Selection | Vendors criteria defined and vendors selected. Vendor scoring, pricing and decision recommendation. | Kickoff + 10 Weeks Kickoff + 12 Weeks |
Deliverables
| Deliverables |
|---|
| MAP 1 – Graphical representation of the 8-levers score (1-10). 1 – Heat map of each lever and question to emphasize items to address. 1 – Prioritized list of scored benchmark items to address and the comparative Best Practice score. 1 – Documented tactical (short-term) and long-term improvements agreed with Client during the workshop. Deliverables in Microsoft PowerPoint |
| Option 1. Use Cases and Gaps Discovery Inventory of prioritized use cases 5-10 high priority processes defined List of associated policy, process, business needs gaps Technology gap assessment Deliverables in Microsoft PowerPoint |
| Option 2. IAM Strategy, Program Roadmap, and Architecture Framework Current state architecture Tactical project listing Strategic project listing Implementation approach visualization Preliminary program budget Future state architecture Interim state architecture(s) Deliverables in Microsoft PowerPoint |
| Option 3. Technology Vendor Selection Optional service depending on Gaps, Program Roadmap and assistance required Identification of qualification criteria or use cases for vendors and the IAM software tools required (MS Excel) Identification of scoring criteria and scoring matrix (MS Excel) Vendor engagement – Recorded meetings with MS Teams and Meeting Notes in MS Word Vendor scoring results for scoring criteria and use-cases (MS Excel and PowerPoint) Vendor pricing and comparison (MS PowerPoint) Vendor selection recommendation / decision guidance (MS PowerPoint) |
Client Roles and Responsibilities
MAP
| Role | Responsibilities | Effort |
|---|---|---|
| Human Resources (“HR”) | Data flowing from HR begins, ends and modifies user access. | 8 Hours |
| Architects | Enterprise and Security Architects that understand the overall Information Technology landscape and key integration implications. | 8 Hours |
| Business Application Owners | Business application stakeholders that need rapid and efficient employee or customer access and can define access roles. | 8 Hours |
| Compliance/Internal Audit | Compliance, Audit, Legal and data privacy and governance stakeholders. | 8 Hours |
| Helpdesk | Helpdesk and support staff who know the problems and can influence process improvement. | 8 Hours |
| IT Networking, Security, Infrastructure and Telecom | Infrastructure, Network, Security Administrators who manage security and access via privileged accounts or highly privileged identities. | 8 Hours |
| AD & Cloud Teams | Resources who manage Identity attribute repositories both on premise and in the cloud. | 8 Hours |
| CISO | Key influencers and stakeholders who will approve funding and resolve conflicting priorities. | 8 Hours |
| IAM Tool / Product Owners | Owners of specific IAM tools used today who can validate extent of capabilities used. | 8 Hours |
| Project Sponsor | Responsible for budget, goals, strategy. | 1-2 Hours |
Option 1: Use Cases and Gap Discovery
| Role | Responsibilities | Effort |
|---|---|---|
| Human Resources (“HR”) | Data flowing from HR begins, ends and modifies user access. | 8 Hours |
| Architects | Enterprise and Security Architects that understand the overall Information Technology landscape and key integration implications. | 8 Hours |
| Business Application Owners | Business application stakeholders that need rapid and efficient employee or customer access and can define access roles. | 8 Hours |
| Compliance/Internal Audit | Compliance, Audit, Legal and data privacy and governance stakeholders. | 8 Hours |
| Helpdesk | Helpdesk and support staff who know the problems and can influence process improvement. | 8 Hours |
| IT Networking, Security, Infrastructure and Telecom | Infrastructure, Network, Security Administrators who manage security and access via privileged accounts or highly privileged identities. | 8 Hours |
| AD & Cloud Teams | Resources who manage Identity attribute repositories both on premise and in the cloud. | 8 Hours |
| CISO | Key influencers and stakeholders who will approve funding and resolve conflicting priorities. | 8 Hours |
| IAM Tool / Product Owners | Owners of specific IAM tools used today who can validate extent of capabilities used. | 8 Hours |
| Project Sponsor | Responsible for budget, goals, strategy. | 1-2 Hours |
Option 2: IAM Strategy, Program Roadmap, and Architecture Framework
Option 3: Technology Vendor Selection
| Role | Responsibilities | Effort |
|---|---|---|
| Project Sponsor | Responsible for budget, goals, strategy. | 1-2 Hour |
| Project Manager | Plan and manage the assessment within the Client team(s). Coordinate with the Simeio Project Manager / Architect. | 8 Hours |
| IAM Solution Architect / Technical Leads | Accountable for IAM tools design, architecture, etc. | 6 Hours |
Client Responsibilities
- Identify names of the Client resources who perform the Client roles and responsibilities identified above and
assist to facilitate availability, participation and attendance as needed for workshops and meetings. - Provide current and existing documentation, such as build documentation on existing IAM tools, architecture,
policies, procedures, etc. as needed by Simeio. - Provide vendor contact information for existing IAM tools.
RACI Matrix:
The following RACI matrix is intended to outline the various activities that will be performed by the Client and Simeio.
| Services | Responsible | Accountable | Consulted | Informed |
|---|---|---|---|---|
| Identify stakeholders | Client | Client | Simeio | Simeio |
| Schedule workshops with Client stakeholders facilitated by Simeio | Client | Client | Simeio | Simeio |
| Conduct and facilitate workshops | Simeio | Simeio | Client | Client |
| Provide information and data as requested | Client | Simeio | Simeio | Client |
| Review data and workshop / interview and provide analysis | Simeio | Simeio | Client | Client |