Glossary term
IGA
Also: Identity Governance and Administration
Software category for identity governance: lifecycle management, role modelling, access recertification, segregation of duties, audit trail. Pulls the governance layer out of IAM.
Core functions: identity lifecycle (joiner-mover-leaver), role modelling and mining, access request with approval, access recertification (typically quarterly), segregation-of-duties checks, audit reports.
Market leaders: SailPoint, Saviynt, Omada, One Identity Manager, IBM Verify Governance, RSA Identity Governance. Cloud-native is still young; many companies combine on-prem IGA with cloud IAM.
Audit cases: joiner-mover-leaver discipline is a classic pain point in BAIT/VAIT audits. IGA is often the only solution covering all three phases with evidence.
Related terms
IAM (Identity and Access Management)
The stack of systems that governs who has access to which systems under which conditions. IAM covers…
PAM
Software category for governing privileged access: vault, session management, just-in-time permissio…
Joiner-Mover-Leaver
Standard workflow in identity lifecycle management: onboarding (joiner), role change incl. permiss…
ICT Concentration Risk
Risk arising from dependence on a small number of or a single ICT third-party provider. DORA Art. 29…
ISO 27001
International standard for information security management systems. Current version ISO/IEC 27001:20…
ISO 27002
Companion standard to ISO 27001 that fleshes out the 93 Annex A controls. Not certifiable, but the p…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
