ISO/IEC 27001 Control 8.32: Change management

Control

Changes to information processing facilities and information systems should be subject to change management procedures.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint has numerous features that take part in management of identity-related changes.

Implementation Details

Management of identity-related changes is one of the primary functions of identity governance and administration (IGA) platforms such as midPoint. Naturally, midPoint provides numerous features to support change management procedures. Object lifecycle can be used to introduce new roles and policies in a gradual and safe manner, as well as to decommission them. New policies (policy rules) can be applied gradually: at first they only report policy violations, transitioning to full enforcement later, once the violations have been addressed. The organizational structure mechanism, together with the automation provided by policy-driven role-based access control (PD-RBAC), provides controlled changes of privileges and entitlements even in large-scale re-organizations. Policy rules can be used to automatically detect and mark policy violations after a big change, providing an opportunity to address them gradually.

The simulation capability can be used to predict the effect of changes in roles, access control policies and configurations, avoiding unintended impact before the change happens. The synchronization capability of midPoint can detect policy violations caused by a change in external systems. Correlation mechanisms and synchronization reactions can automatically correct such policy violations, which may be necessary for large-scale changes. Violations that cannot be handled automatically can be marked for subsequent manual review. Orphaned account management can detect unmanaged accounts created by the change.

MidPoint can provide assistance in fall-back scenarios, e.g. rolling back bulk changes in access control or quickly providing access to fallback systems. The audit trail and metadata maintained by midPoint provide an essential record of changes related to identity data and access control.
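The gradual introduction described above, as an added illustration that is not part of this page: a role held in the draft lifecycle state while it is being introduced, carrying a separation-of-duties policy rule whose only action is to record violations; once the reported violations are addressed, the role is moved to the active state and the action is switched to enforcement. It assumes midPoint's common-3 object schema; the role name and the excluded role's OID are placeholders.

```xml
<!-- Added illustration, not from the midPoint documentation. Assumes the
     midPoint common-3 schema; the role name and the excluded role's OID are
     placeholders. Phase 1 (shown): lifecycleState "draft" plus a record-only
     policy action, so conflicts are reported but nothing is blocked.
     Phase 2: change lifecycleState to "active" and replace <record/> with
     <enforcement/> after the recorded violations have been resolved. -->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Treasury Approver (placeholder role)</name>
    <lifecycleState>draft</lifecycleState>
    <assignment>
        <policyRule>
            <name>sod-treasury-approver-vs-payment-operator</name>
            <policyConstraints>
                <!-- Exclusion constraint: this role must not be held together
                     with the referenced role (placeholder OID). -->
                <exclusion>
                    <targetRef oid="11111111-1111-1111-1111-111111111111" type="RoleType"/>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <!-- Report-only phase; swap for <enforcement/> in phase 2. -->
                <record/>
            </policyActions>
        </policyRule>
    </assignment>
</role>
```

Running a simulation of the phase 2 change before applying it shows which assignments the enforcement would start rejecting.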

Implementation Notes

  • Integration of new applications with IAM frameworks is a common requirement and practice. It is also common practice to enroll the definitions of application roles into the identity governance platform as part of the application commissioning process.

  • MidPoint provides change control with regard to identity management, policies and governance. It cannot provide general-purpose change management covering all aspects of an organization.

Rationale

MidPoint provides essential features to support change management for data related to identities and access control. Even though change management applies to a much broader area than identity and access control, the identity-related part is crucial for maintaining appropriate levels of cybersecurity.
