Below is the first in a few posts looking at managing access and entitlements across an employee lifecycle (from hire to termination). This post covers some basic concepts and definition of terms.
The OASIS Provisioning Services Technical Committee describes provisioning as:
...the automation of all the steps required to manage (setup, amend and revoke) user or system access entitlements or data relative to electronically published services.
In the context of HR processes, the term "provisioning" is commonly used in a few different contexts, but it broadly describes a process of communicating to a target system the information that system needs to authenticate users and to determine their access privileges. Perhaps the most critical task within the provisioning process is "de-provisioning," which refers to the removal of access rights and entitlements.
Provisioning is a horizontal enterprise process that has special relevance for HR systems management because access and entitlements for individuals usually are derived from a individual's status as an employee or contractor and from the particular position they hold or role they play.
New hire and termination processes are of special concern in managing provisioning. The new hire process is of concern, since new employees cannot become fully productive until granted system and facility access they require to do their jobs. Termination is of concern because of the security risks posed if terminating employees are not properly de-provisioned from systems. Provisioning and de-provisioning also may be triggered by many other intervening business and life events (for example, new projects, transfer, promotion, sabbatical, etc.).
