HomeIdentity Security Encyclopedia › Attestation

Attestation

Attestation (also called access recertification) is the formal process of reviewing and validating that user access privileges are still appropriate — requiring managers or data owners to confirm or revoke entitlements on a periodic basis.

IGA Compliance Access Review

❓ What is Attestation?

Attestation (also called access recertification) is the formal process of reviewing and validating that user access privileges are still appropriate — requiring managers or data owners to confirm or revoke entitlements on a periodic basis.

⚙️ How Does It Work?

The IGA platform generates attestation campaigns listing users and their entitlements. Reviewers certify (approve) or revoke each entitlement. Uncertified access is automatically removed. Results are stored as audit evidence.

📍 Where Is It Used?

Regulated industries (finance, healthcare, government) where periodic access reviews are required by SOX, HIPAA, PCI-DSS, or ISO 27001.

💡 Real-World Example

A bank runs quarterly attestation campaigns via SailPoint. Each manager certifies their team's SAP access. 12% of entitlements are revoked as employees changed roles. The audit report shows 100% completion — SOX control passed.

🔗 Related Terms

Access Certification IGA SOX Compliance SailPoint Saviynt
← API KeyAWS IAM →

Stay Ahead in Identity Security

Get weekly IAM, PAM & IGA insights delivered to your inbox via Identity Pulse.

Subscribe to Identity Pulse →
Scroll to top