An Identity Management Practice Statement (IMPS) is defined in the SWAMID Policy:
The Identity Management Practice Statement is a description of the Identity Management lifecycle including how Subjects are enrolled, maintained and removed from the identity management system based on the Identity Assurance Profiles.
An Identity Management Practice Statement is a requirement for SWAMID membership.
- The identity management practice statement should be short and to the point.
- Describe essential processes in detail - bullet points and short descriptions are usually enough.
- Make sure the description matches reality. In the case of a security breach you will be audited against your current practice statement.
- An identity management practice statement template is available at SWAMID Assurance How-To.