Access Management is an execution of Security and Availability
Management, these two areas will be responsible for defining the appropriate
roles. It is unusual for an organization to appoint an ‘Access Manager’, although
it is important that there is a single Access Management process and a single set
of policies related to managing rights and access. This process and the related
policies are likely to be defined and maintained by Information Security
Management and executed by the various Service Operation functions. Their
activities can be summarized as follows