Program Governance Body
You can create an Identity, Credential, and Access Management (ICAM) program governance body (for example, an Executive Steering Committee) to oversee your ICAM projects and workstreams and align ICAM services and management with your agency’s mission. The agency’s executive leadership will charter the governance body.
An ICAM program governance body can include the following personnel:
- Chief Information Officer (CIO)
- Chief Financial Officer (CFO)
- Chief Security Officer (CSO)
- Chief Data Officer (CDO)
- Human Resources (HR)
- General Counsel
- Chief Acquisition Officer (CAO)
- Senior Agency Official for Privacy (SAOP)
- Senior Agency Official for Physical Security (SAOPS)
- Agency component organizations that manage ICAM programs and capabilities
The governance body specifies the group’s authority to enforce changes, when necessary, to align ICAM technology, policy, and execution with your agency’s overall mission.
Roles and Responsibilities
We recommend you create a charter to govern the roles and responsibilities of your governance body. A governance body typically performs the following functions:
- Reviews and approves the program business architecture.
- Ensures proper resource allocation to ICAM programs and projects.
- Provides input for, or participates in, the critical development stages of the ICAM program.
- Provides strategic guidance for cost, schedule, performance, and technical solutions to ensure program success.
- Provides direction and counsel to the ICAM Program Management Office (PMO).
- Establishes cross-team collaboration to provide guidance, identify common agency challenges, establish best practices, and share solutions.
- Takes responsibility for overall stakeholder management, including stakeholders inside the agency, in other federal agencies, and outside the federal government.
- Creates and approves a process to review ICAM program changes and resolve disputes between ICAM and individual program offices.
- Reports on program status to oversight organizations, such as the Office of Management and Budget (OMB), Office of Inspector General (OIG), and Government Accountability Office (GAO).
- Reviews post-implementation evaluations to ensure that ICAM services and programs meet forecasted benefits and outcomes.
A component agency’s interdisciplinary team is usually comprised of the agency’s ICAM-related program managers and information technology (IT) experts. This team’s purpose is to provide ICAM-related recommendations to the governance body to help drive the ICAM program’s success via a bottom-up approach.
These groups leverage their experience and business context to provide the governance body with strategies, insights, and lessons learned around the following subjects:
- Risk management and mitigation.
- Impact of decisions on program executors.
- Improved buy-in across the agency.