
Identity Management

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Identity management is the process of managing and controlling who has access to what within a system. Think of it like a digital key master who makes sure the right people get the right keys to the right doors. It ensures that only authorised users can access specific resources, like files or applications, and it keeps track of what they do. This is a key part of information security.

Examples

  • Logging in to a computer: When you type in your username and password, you are using a form of identity management. The system checks if your identity (username) and secret (password) are correct before letting you in.
  • Online banking: Your bank uses identity management to make sure that only you can see your account balance and make transactions. They might even use extra steps, like sending a code to your phone, to be extra sure it’s you.
  • Social media: When you sign up for a social media site, you create a profile, which is your digital identity. The site then uses this identity to control what you can see and do.

Context

In simple terms, identity management is about knowing who’s who in a digital world. It’s not just about a username and password. It’s about a complete system that manages all the identities of people and devices. This includes things like:

  • Authentication: Proving you are who you say you are. This can be done with a password, a fingerprint, or a face scan.
  • Authorization: Deciding what you’re allowed to do once you’re in. For example, a student can view their grades but not change them.
  • User provisioning: Creating and deleting user accounts as needed. When a new employee starts, an account is created. When they leave, it’s deleted.

The goal is to keep systems safe and make sure the right people can do their jobs without a hassle.
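To make the three pieces above concrete, here is an added illustration (example code, not part of the glossary or the author's material): a toy in-memory identity store in Python with user provisioning and deprovisioning, password authentication, and role-based authorisation. The usernames, roles and actions (a student who may view but not change grades, a leaver whose account is removed) are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory identity store: username -> salt, password hash, roles.
users = {}

# Authorisation policy: which actions each role is allowed to perform.
permissions = {
    "student": {"view_grades"},
    "teacher": {"view_grades", "change_grades"},
}

# Dummy record used so that unknown usernames take the same code path as
# real ones (avoids leaking which usernames exist via response timing).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = b"\x00" * 32


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def provision(username, password, roles):
    """User provisioning (joiner): create the account with its roles."""
    salt = os.urandom(16)
    users[username] = {"salt": salt, "hash": _hash(password, salt), "roles": set(roles)}


def deprovision(username):
    """User provisioning (leaver): delete the account so its secret stops working."""
    users.pop(username, None)


def authenticate(username, password):
    """Authentication: prove the identity by checking the secret against the stored hash."""
    rec = users.get(username, {"salt": _DUMMY_SALT, "hash": _DUMMY_HASH})
    return username in users and hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])


def authorize(username, action):
    """Authorisation: decide whether the (already authenticated) user may do the action."""
    roles = users.get(username, {}).get("roles", set())
    return any(action in permissions.get(role, set()) for role in roles)


def attempt(username, password, action):
    """Full access decision: authenticate first, then authorise the requested action."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorised for " + action
    return "allowed: " + action
```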

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to Identity Management:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2, and his niche is start-up and early-stage businesses.