IMA Governance Roles


Assigning roles and responsibilities for the IMA effort is an important step and should occur as a result of the meetings that create the vision. Rather than define these roles in terms of positions, we'll describe them generically with some hints as to how these generic roles map onto some common organizational structures.

The roles that we discuss in this section were influenced by the NASCIO Enterprise Architecture toolkit[1]. The NASCIO toolkit identifies eight primary and seven supporting roles in the creation of a governance model for an enterprise architecture. We have adapted those roles into an IDM process.

There are two categories of roles: primary and supporting. The model below shows some of the relations of primary vs supporting roles:

Primary IDM governance roles#

Primary rolesSupporting roles
AudienceEnterprise executive
ChampionSubject-matter expert (SME)
OverseerTechnical operations staff
ManagerProduct/project teams
IDM teamProcurement manager
CommunicatorSpecial interest groups

Primary Roles#

Primary roles are those that directly perform the work of creating the IDM. Only primary roles for clarity.


All of the stakeholders in the IMA effort take on the role of audience. These stakeholders include the enterprise executive, business executives from other parts of the organization, IT staff, partners, suppliers, and customers. Understanding the audience will provide significant guidance to the IMA effort. The audience will eventually have to live with the results of the IMA even though they are not necessarily participating directly in its creation. Communicating the IMA process, progress, and results to the audience is critical.


A champion is the person pushing the project and putting energy and resources into moving it forward. Typically, the champion will be a high-level executive (say, the CIO) who has decided that creating an IMA is an important strategic objective. That doesn't mean that the champion was the first to see the advantage of an IMA. Indeed, someone else will typically have sold the champion on the merits of digital identity.


Overseer is a role that is typically implemented by a committee or team. The overseer's role is to provide oversight for the IMA project and ensure that the mandate of the enterprise executive is fulfilled.


The manager is the executive responsible for directing the overall IMA effort, and ensuring that the directives and requirements of the overseer are met. The manager works with the champion to select people to fill other important roles. Often the manager and the champion are the same individual. The manager needs to have sufficient standing in the organization to effectively carry out the mandates from the champion and overseer. As such, the manager is typically a senior-level IT employee. The manager has the following responsibilities:
  • Select people to serve as reviewers and chair the activities of the review function.
  • Select the communicator and ensure that the communicator has instructions about how, what, and when to communicate. The manager ensures that communication is supporting the overall IMA effort.
  • Select and supervise the IMA team (s).
  • Seek out and work with advisors to ensure that the process is following best practices.

IDM team#

The IDM team is the heart of the IDM model. The IDM team does the actual work of creating the architecture and will typically consist of a few knowledgeable IT staffers. The champion and the manager should trust the IDM team. Further, members of the team should have a mature understanding of the business and its goals as well as identity technologies. The IDM team might also include in a support role, subject-matter experts, or members of the service, project or product teams. The IDM team should not be populated solely with the existing information security group, although some members of that group should either be on the team or designated as subject-matter experts.

The IMA team is charged with creating and maintaining the documents that make up the IDM. The key requirement for this function is the ability to understand the process and write clearly.

The IMA team has the following responsibilities:

  • Create IMA documents in consultation with the manager, reviewer, and advisor, after carefully considering the audience.
  • Provide the communicator with the information necessary to communicate the plan and process to stakeholders.
  • Provide IMA deliverable documents to the reviewer.
  • Update the documents according to input from the reviewer and manager.
  • This role can take a significant amount of time and may need to be full time in a large organization.


The communicator's role is to provide information about the process, progress, and results of the IMA to the audience and people in supporting roles who are not involved in the day-to-day effort. We assume that those in primary roles get information about the IMA through their participation, but if that's not the case, the communications plan should include them as well.

The communicator receives information from the IMA team, the reviewer, and the manager. The communicator and the manager make this information available to the audience and others in accordance with a jointly created communications plan. The communications plan does not need to be elaborate, but should take into account the differing needs of the people in the audience and other roles. For example, the audience includes customers who may need to be told very little about the IMA itself but get detailed information during the implementation phase. The objective of the communications plan should be to ensure that members of the audience understand the IMA in the correct amount of detail. Communications should always be written to build support within the enterprise for the IMA.


An adviser guides the manager, providing clarity and supporting best practices. The advisor could be the champion, other enterprise executives, or someone else who has knowledge about the goals and objectives of the IMA, the political landscape within the enterprise, best practices from other organizations, and so on. There may be a number of people who fill the adviser role, and their advice may be limited to areas of specialization. Often the enterprise will bring in an outside consultant who has past experience in creating an IMA to serve in the adviser role.


The role of reviewer is crucial to the IMA effort. The reviewer is usually a committee staffed by senior executives from the business organizations in the enterprise as well as the IT organization. The reviewer's role is to evaluate the IMA documents, recommend changes, and to approve or disapprove them.

The people assigned to these roles will change over time, and so change should be planned for and accepted as part of the process. Indeed, the make-up of the groups playing the reviewer and advisor roles is likely to change as the IMA process matures.

Supporting Roles#

Supporting roles help create the IMA, but are not necessarily involved in the day-to-day process.

Enterprise executive#

The enterprise executive provides the strategic reasons for creating an IMA and identifying the high-level objectives of the IMA process. The enterprise executive is typically the CEO or other high-level executive who can help the champion and manager bring other players to the table.

Subject matter expert#

The process of creating an IMA will require the expertise of a number of people both inside and outside the enterprise. The manager and reviewer as well as the service, project, and product teams use subject-matter experts.

Technical operations staff#

The technical operations staff is responsible for day-to-day IT operations. This is the group of people who manage the network, operate the servers, and so on. They are a user of the IMA and provide feedback to the IMA team as part of the IMA lifecycle. Moreover, the technical operations staff can provide valuable feedback to the IMA team about what is feasible and what is not.

Product and project teams#

Product and project teams consist of everyone involved in implementing a project or bringing a new product to market. Typically, project teams are used on inward-facing engineering activities, and product teams are used to build things that will be bought by customers (including services). The product and project teams are users of the IMA and can provide valuable feedback to the IMA team. Product and project teams will be required to comply with the IMA in their designs and engineering, so their participation and buy-in is crucial.

Procurement manager#

The procurement manager is responsible for setting and enforcing procurement policies and procedures. These policies and procedures are not part of the IMA, but they can play an important role in helping enforce the IMA, and the policies and procedures in the IMA must be consistent with those of the procurement manager.

Special interest groups#

The role of special interest groups is something of a catch-all role to include those people and groups who provide advisory input to the IMA process, identifying special needs or requirements.

More Information#

There might be more information for this subject on one of the following:
[#1] See https://www.nascio.org/publications/index.cfm.