GRC Evolution

Home IAM GRC GRC Evolution

Definitions change. Requirements too. What once began as Identity Management is much more effective today.

It is not always strictly interpreted what the department can do for an organization today. This means that the terms are also used differently. We want to counteract the general confusion and show here the evolution from the former IDM to today’s GRC, the highest evolutionary level.



Identity Management

Digital identities

-> Objective: the reduction of user administration



Identity & Access Management

+Creation of role models

-> Objective: to simplify the assignment of access and rights



Identity Access Governance

+Approval processes

+Validations of authorizations

+Traceability of authorizations

-> Objective: the enforcement of guidelines and adherence to compliance



Identity Governance & Administration

“Gartner” definition: merging of two magic quadrants:

User administration & provisioning

Identity & Access Governance

-> Objective: the merger of several supplier products


Governance, Risk Management & Compliance

Summary of the three most important levels of action:

IT Governance

IT Risk Managament


Centralization of the complete identity life cycle

Extensive automation

-> Objective: consistent information security