You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Introduction

An Identity Management Practice Statement (IMPS) is defined in the SWAMID Policy:

Each SWAMID Member with an Identity Provider MUST create and maintain an Identity Management Practice Statement.

The Identity Management Practice Statement is a description of the Identity Management lifecycle including how Subjects are enrolled, maintained and removed from the identity management system based on the Identity Assurance Profiles.

The Identity Management Practice Statement is audited against claims of compliance with Identity Assurance Profiles.

An Identity Management Practice Statement is a requirement for SWAMID membership.

Guidance

  • The identity management practice statement should be short and to the point.
  • Describe essential processes in detail - bullet points and short descriptions are usually enough.
  • Make sure the description matches reality. In the case of a security breach you will be audited against your current practice statement.
  • An identity management practice statement template is available at SWAMID Assurance How-To.
  • No labels