Access Management

Purpose
Access management is the process of granting authorized users the right to use a service, while preventing access to non-authorized users. It has also been referred to as rights management or identity management in different organizations.

The purpose of access management is to provide the right for users to be able to use a service or group of services. It is therefore the execution of policies and actions that are defined in information security management.

Objectives

The objectives of the access management process are to:

  1. Manage access to services based on policies and actions defined in information security management (see ITIL Service Design)

  2. Efficiently respond to requests for granting access to services, changing access rights or restricting access, ensuring that the rights being provided or changed are properly granted

  3. Grant access to services, service groups, data or functions only to users who are entitled to that access

  4. Oversee access to services and ensure rights being provided are not improperly used, and remove access when people change roles or jobs

Scope

Access management is effectively the execution of the policies in information security management, in that it enables the organization to manage the confidentiality, availability and integrity of the organization's data and intellectual property. Access management ensures that users are given the right to use a service, but it does not ensure that this access is available at all agreed times; this is provided by availability management.

Access management is a process that is executed by all technical and application management functions, and is usually not a separate function. However, there is likely to be a single control point of coordination, usually in IT operations management or on the service desk. Access management can be initiated by a service request.

Value to Business

The value of access management includes:

  1. Ensuring that controlled access to services will allow the organization to maintain effective confidentiality of its information

  2. Ensuring that employees have the right level of access to execute their jobs effectively

  3. Reducing errors made in data entry or in the use of a critical service by an unskilled user (e.g. production control systems)

  4. Providing capabilities to audit use of services and to trace the abuse of services

  5. Providing capabilities to revoke access rights when needed on a timely basis, an important security consideration

  6. Providing and demonstrating compliance with regulatory requirements (e.g. SOX, HIPAA and COBIT)

Functions

A function is a team or group of people and the tools or other resources they use to carry out one or more processes or activities. In larger organizations, a function may be broken out and performed by several departments, teams and groups or it may be embodied within a single organizational unit (e.g. a service desk).

In smaller organizations, one person or group can perform multiple functions (e.g. a technical management department could also incorporate the service desk function). For service operation to be successful, an organization will need to clearly define the roles and responsibilities required to undertake the processes and activities. These roles will need to be assigned to individuals, and an appropriate organization structure of teams, groups or functions established and managed.

Service Operations has the following main functions:

  1. Service desk

  2. Technical management

  3. IT operations management

  4. Application management

Technical management and application management provide the technical resources and expertise to manage the whole service life cycle, and practitioner roles within service operation may be performed by members of these functions.

To understand these better: the Technical Management Function (TMF) is a custodian of technical knowledge and expertise related to managing IT. The Application Management Function (AMF) is a custodian of technical knowledge and expertise related to managing applications, and it overlaps with Application Development. The IT Operations Management Function (ITOMF) is responsible for the daily operational activities needed to manage the IT infrastructure. It comprises IT Operations Control and Facilities Management, and it overlaps with TMF and AMF.

Service Desk

The Service Desk Function (SDF) is a single point of contact (SPOC) which focuses on service restoration and uses TMF and AMF for support. This improves user perception and satisfaction.

The service desk is the single point of contact for users when there is a service disruption, for service requests or even for some categories of request for change (RFC). The service desk provides a point of communication to the users, and a point of coordination for several IT groups and processes.

To enable them to perform these actions effectively the service desk is usually separate from the other service operation functions. In some cases, e.g. where detailed technical support is offered to users on the first call, it may be necessary for technical or application management staff to be on the service desk.

This does not mean that the service desk becomes part of the technical management function. In fact, while they are on the service desk, they cease to be a part of the technical management or application management functions and become a part of the service desk, even if only temporarily.

Technical management

Technical management provides detailed technical skills and the resources needed to support the ongoing operation of IT services and the management of the IT infrastructure. Technical management also plays an important role in the design, testing, release and improvement of IT services.

In small organizations, it is possible to manage this expertise in a single department, but larger organizations are typically split into a number of technically specialized departments. In many organizations, the technical management departments are also responsible for the daily operation of a subset of the IT infrastructure.

This shows that, although they are part of a technical management department, staff who perform these activities are logically part of the IT operations management function.

IT operations management

IT operations management is the function responsible for the daily operational activities needed to manage IT services and the supporting IT infrastructure. This is done according to the performance standards defined during service design.

In some organizations this is a single, centralized department, while in others some activities and staff are centralized and some are provided by distributed or specialized departments. IT operations management has two sub-functions that are unique and are generally organizationally distinct.

These are:

  1. IT operations control: this is generally staffed by shifts of operators who ensure that routine operational tasks are carried out. IT operations control will also provide centralized monitoring and control activities, usually using an operations bridge or network operations centre.

  2. Facilities management: this refers to the management of the physical IT environment, usually data centres or computer rooms.

In many organizations technical and application management are co-located with IT operations in large data centres. In some organizations many physical components of the IT infrastructure have been outsourced and facilities management may include the management of the outsourcing contracts.

Application management

Application management is responsible for managing applications throughout their life cycle. The application management function supports and maintains operational applications and also plays an important role in the design, testing and improvement of applications that form part of IT services.

Application management is usually divided into departments based on the application portfolio of the organization, thus allowing easier specialization and more focused support.

In many organizations application management departments have staff who perform daily operations for those applications. As with technical management, these staff logically form part of the IT operations management function.