Regulations in Identity and Access Management

Abstract

The need for Identity and Access Management solutions for organizations are growing vastly. The purpose of the thesis is to bring knowledge for organizations on what Identity and Access Management is, which regulations are important when Identity and Access Management is used, basic knowledge on common practices regarding the regulations and how these need to be taken into consideration when implementing the solution.

In the beginning of the thesis, it is explained what Identity and Access Management is and what the benefits of IAM are for organizations. Then deep dive is made on the regulations needed in IAM solutions. Last part of the thesis called ‘common practices’ investigates the basics of what an organization should know and do regarding the regulations introduced and what the process is from the vendor’s perspective when the IAM solution is implemented.

The conclusions for this thesis are that IAM is a crucial part of Information Technology security, and it is a big entirety - which requires many different laws and regulations to be complied with it. The biggest and most important one is the General Data Protection Regulation which needs to be complied in any organization which handles customer data. When starting an IAM solution implementation project, the compliance work starts from the organization buying the solution, then joining forces with a vendor suited the best for this solution.