A view on ISO/IEC 27001 compliant identity lifecycles for IT service providers

This work aims at providing guidance on the challenges of complex identity lifecycle management in organizations, especially in customer oriented IT service providers. By providing a view on necessary requirements and potential processes which may contribute to enforcing identity lifecycle management., even in a multi-organization setting, we reduce the complexity of identity lifecycle management. We build upon the identity lifecycle and refine the areas of provisioning, de-provisioning and auditing by using the mechanisms depicted in the ISO/IEC 27002. By including previous less refined contributions on information security management in IT service management along with the current version of the IT Infrastructure Library (ITIL) v3 update 2011, we provide guidance on the required tasks and the contribution of IT service management to identity lifecycle management. Additionally, we find missing aspects which require additional implementation efforts for organizations which have adopted IT service management. These missing mechanisms are mainly identified in the lifecycle phases of usage and de-provisioning of an identity.