Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Gartner IAM Program Maturity Model

34,925 views

Published on

Find out more at europe.gartner.com/iam

Published in: Technology, Business, Education
  • Login to see the comments

The Gartner IAM Program Maturity Model

  1. 1. BU: business unit; IAM: identity and access management; PMO: program management office; EA: enterprise architecture; RACI: responsible-accountable-consulted-informed; GRC: governance, risk and compliance The Gartner IAM Program Maturity Model Developing Optimized Initial Defined Managed 2 5 1 3 4 IAM Program Maturity Level Business Value Architecture and Infrastructure Design Processes Vision and Strategy Organization Conceptual awareness at best Certain business drivers identified; tactical priorities set Business-aligned vision defined; strategic priorities set IAM vision and strategy continually reviewed to track business strategy Periodic optimization of vision and strategy Informal, basic roles, responsibilities decentralized Technical projects sponsored by BUs and CISO; informal inventory of IAM skills IAM PMO established, IAM roles and training needs defined IAM PMO active, RACI matrix defined; proactive skill development Optimal integration with business; skills optimized Ad hoc, informal Semiformal BU-specific and target-specific processes Formal processes defined, consistent across BUs and target systems Formal processes integrated and refined; aligned with business processes Process optimization Possible use of target-specific productivity tools Disjoint technical projects; technology redundancy likely Discrete IAM architecture defined; rationalization and consolidation in hand IAM architecture refined and aligned with EA IAM architecture embedded within EA; optimization None measurable Tactical efficiency and (maybe) effectiveness improvements; low direct value Sustained, quantifiable improvements tied to GRC imperative; moderate direct value Sustained, quantifiable contribution to all key business imperatives; high direct value Business value optimization; transformational direct value Blissful Ignorance Awareness Corrective Operational Excellence Legacy Program Maturity Level Governance Ad hoc, informal Subsumed within InfoSec (and InfoSec governance structures) IAM governance structure defined and accepted IAM governance structure fulfilled and refined IAM governance optimization

×