Introduction

An identity management practice statement Identity Management Practice Statement (IMPS) is defined in the SWAMID Policy:

Each Identity Provider that wishes to become a Member of SWAMID MUST create, publish and maintain an Identity Management Practice Statement. The Identity Management Practice Statement is a description of the Identity Management life-cycle including a description of how identity lifecycle including how Subjects are enrolled, maintained and removed from the identity management system . The statement MUST contain descriptions of administrative processes, practices and significant technologies used in the identity management life-cycle. The processes, practices and technologies described MUST be able to support a secure and consistent identity management life-cycle. Specific requirements are imposed by based on the Identity Assurance Profiles.The

An Identity Management Practice Statement

...

An identity management practice statement is a requirement for SWAMID membership.

Guidance

• The identity management practice statement should be short and to the point.
• Describe essential processes in detail - bullet points and short descriptions are usually enough.
• Make sure the description matches reality. In the case of a security breach you will be audited against your current practice statement.
• An identity management practice statement template is available at SWAMID Identity Assurance How-To.