This process will be collaborative to ensure that the content is both applicable and relevant to the risks the business faces. We aim to utilise the expertise we've acquired from working with customers on a variety of identity and access management projects. This includes IDAM Strategy, current state assessments of identity and privileged access management, and the implementation of critical identity control tools. These tools encompass Single-Sign On, Self-Service, and MFA. Additionally, we have experience with identity threat protection platforms and analysing solution options for customers. This analysis is always tailored to the specific business context, requirements, and drivers.

**Assessment Methodology **

The Identity and Access Management Services presented in this proposal are specifically designed to meet the risks of your organisation and meet your compliance obligations requirements. A central part of our engagement is to offer a comprehensive view of the current state and posture. This view is created through a a thorough review of the following aspects of your organisation’s identity and access management ecosystem. we gather this information both workshops and guided interviews, as well as,, in-depth technical discussions with SMEs from the identity, security, networking, cloud, risk, and compliance teams. Below is a summary of topics covered: • User Personas • User Lifecycle including source of truth, onboarding, offboarding • 3rd Party and contractor access • Federation and user synchronisation • Service account usage • Single-Sign on • Authentication methods and constraints applied • Self-Service • Identity Governance Capabilities • Access Management, including Privileged Access • Multi-factor authentication policies, enforcement and usage • Risk mitigation and fraud detection techniques in use • Threat detection currently available, including across both on-premises and cloud • Policies and standards currently endorsed and applicable.

**Deliverables **

A detailed Identity and Access Management Assessment Report that includes an at a minimum Executive Summary, Findings, Recommendations, and supporting evidence. Detailed advice from leading identity experts on your current identity security controls or potential gaps with key observations and risks clearly articulated with a risk-based approach. Prioritised recommendations that can be incorporated into future security/identity roadmaps Pragmatic approach to identity operations and maximisation of resources across people, process, and technology stacks. Benefit of knowledge transfer whilst highlighting controls gaps. Recommendations for tooling or alternative control methods to enhance security Alignment to internal risk-based matrix or security frameworks as required.