1 Introduction

Next Article

Properties > Advanced Properties > Custom > Organization Name. Press Ctrl A on the keyboard to select all text in the document (or use Select, Select All via the Editing header on the Home tab

1.1 Vision statement

The vision of [Service Provider] in the area of service management is as follows:

[Insert the vision statement defined as part of service strategy]

This process forms a key part of the realisation of that vision.

1.2 Purpose

Access management plays a critical part in the secure delivery of services and the protection of [Organization Name] assets such as personal information, financial data, intellectual property and commercially sensitive documents. In an increasingly connected world where cyber-crime is becoming more prevalent, the secure allocation and control of access forms a key cornerstone of our information security approach.

But access management is not just about preventing access to unauthorised people; it is also about ensuring that the level of service provided to legitimate users of our systems is responsive as well as secure and that unnecessary delays to the delivery of products and services to customers is avoided.

This document defines how the process of access management is implemented within [Organization Name].

The purpose of the access management process according to ITIL® is:

“ … to provide the right for users to be able to use a service or group of services.”

Source: “ITIL Service Operation Book 2011. Copyright © AXELOS Limited 2011. Reproduced under license from AXELOS

1.3 Objectives

The objectives of the access management process are to:

• Provide authorised users with access to services in line with service level requirements • Prevent users from accessing resources to which they are not authorised

• Ensure that access to services is controlled according to business requirements at all times

1.4 Scope

The scope of this process is defined according to the following parameters:

• Organizational o [List organizations and parts of those organizations covered] • Geographical o [List locations from which access requests will be submitted and managed] • Services o [Define the services covered by the process] • Technical o [If necessary, cover the technology that will be managed via this process]

This process covers the management of all access by [Service Provider] in support of the customers and users of services defined in the service catalogue.

The following areas are specifically excluded from this process:

[Describe any areas that need to be clearly stated as outside the scope]