Introduction
An identity management practice statement Identity Management Practice Statement (IMPS) is defined in the SWAMID Policy:
Each Identity Provider that wishes to become a Member of SWAMID MUST create, publish and maintain an Identity Management Practice Statement. The Identity Management Practice Statement is a description of the Identity Management life-cycle including a description of how identity lifecycle including how Subjects are enrolled, maintained and removed from the identity management system . The statement MUST contain descriptions of administrative processes, practices and significant technologies used in the identity management life-cycle. The processes, practices and technologies described MUST be able to support a secure and consistent identity management life-cycle. Specific requirements are imposed by based on the Identity Assurance Profiles.The
An Identity Management Practice Statement
...
An identity management practice statement is a requirement for SWAMID membership.
Guidance
- The identity management practice statement should be short and to the point.
- Describe essential processes in detail - bullet points and short descriptions are usually enough.
- Make sure the description matches reality. In the case of a security breach you will be audited against your current practice statement.
- An identity management practice statement template is available at SWAMID Assurance How-To.