CIO Executive Council members say governance is key to successful identity management. “The only way you can adjudicate identity management policy questions is with a good governance structure,” says Bruce Metz, CIO of Thomas Jefferson University. At Tufts University, where Metz was CIO prior to coming to Jefferson University earlier this year, an IT Council composed of stakeholders across the institution made decisions about IT spending priorities. An IT Policy and Security Committee that reported to the Council developed policies and security practices, including those related to identity management. Metz aims to set up a formal structure at Thomas Jefferson. He advises that CIOs setting up a security governance body in a corporate or campus setting make sure they include representatives from the following departments:* Human resources: Identity management is all about people—who they are, what information you have about them, who has access to that information and who can modify it. “Human resources is the custodian of the people who make up the organization, and they need to be involved in governance to represent that interest,” Metz says. * Legal: Be sure to include a legal representative on your team. “You need to make sure your policy is enforceable and that it is reasonable,” Metz says. * Chief security and privacy officers: If your organization has a CSO or CPO, they should be on the security governance committee.* Representatives of key business units or functions: For example, Metz tapped a representative from the head academic office and the head administrative office while at Tufts. You should include someone from from each of the company’s main business units. If customer data collection is a big issue, include a representative from sales or marketing. And in any setting you should also include someone from finance. * Internal audit: Someone from the internal audit department will help ensure that policies are compliant with federal regulations, such as HIPPA. Related content brandpost Sponsored by AWS in collaboration with IBM How digital twin technology is changing complex industrial processes forever As the use cases for digital twins proliferate, it is becoming clear that data-driven enterprises with a track record of innovation stand the best chance of success. By Laura McEwan Dec 05, 2023 4 mins Digital Transformation brandpost Sponsored by AWS in collaboration with IBM Why modernising applications needs to be a ‘must’ for businesses seeking growth Around one-third of enterprises are spending heavily on application modernisation and aiming for cloud native status. The implications for corporate culture, structure and priorities will be profound. By Laura McEwan Dec 05, 2023 5 mins Digital Transformation opinion 11 ways to reduce your IT costs now Reorienting IT’s budget toward future opportunities is a big reason why CIOs should review their IT portfolios with an eye toward curbing unnecessary spending and realizing maximum value from every IT investment. By Stephanie Overby Dec 05, 2023 11 mins Budget Cloud Management IT Governance news analysis SAP faces breakdown in trust over innovation plans The company’s plan to offer future innovations in S/4HANA only to subscribers of its Rise with SAP offering is alienating customers, user conference hears. By Peter Sayer Dec 05, 2023 6 mins SAP Cloud Management Innovation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe