Unlike provisioning systems, an access governance system collects information about user identities, entitlements, and roles from all information resources, including (but not limited to) provisioning systems. It enables business policies to be implemented as controls to ensure that regulatory compliance and risk management objectives are met.
Finally, it establishes collaborative processes among line-of-business owners and IT security managers for access certifications, access change management, and metrics-driven management of user roles.
Access governance systems present information about access rights and entitlements in a business, not a technical context. This means business owners understand the entitlements they are being asked to approve or reject, which means improved security and regulatory compliance.
Access governance systems also provide more complete audit trails than provisioning systems because they provide the IT security and compliance team unmatched visibility into fine-grained entitlements across the enterprise.
Rather than replacing user provisioning systems, access governance systems can be synchronized with them (see sidebar) to provide closed-loop enforcement of consistent, auditable access control policies.