Abstract: In certain embodiments, a system maintains a plurality of metadata elements. Each metadata element indicates a current classification value for user data described by that metadata element. The system detects the occurrence of an event and automatically determines which of the metadata elements are affected by the event. For each metadata element affected by the event, the system automatically determines an updated classification value for the user data described by that metadata element and dynamically modifies the metadata element to indicate the updated classification value.

Abstract: Systems and methods of managing computing resources of a computing system are described. A computing resource list and computing resource information may be stored at a data store. The computing resource list may identify a set of computing resources of a computing system, and the computing resource information may respectively describe the computing resources. The computing resource list may be updated in response to a new computing resource being added to the computing system or in response to an existing computing resource being removed from the computing system. Evaluation tasks for the computing resources may be performed, and a resource evaluation report may be generated during performance of at least one of the evaluation reports.

Abstract: Systems and methods for managing risk management rules are provided. A risk management rule may be configured at a rule configuration interface are described. The rule configuration interface may include a list of access rights available for selection. Based on input received, one of the access rights may be identified as a base access right and one of the access rights may be identified as a conflicting access right for the risk management rule. The access rights provisioned at the computing system may be monitored to determine whether a user is provisioned with both the base access right and the conflicting access right. If so, a violation review may be created and presented at a violation review interface at which a decision for the violation review is receivable. An exception to the risk management rule may also be configured at an exception configuration interface.

Abstract: Systems and methods for facilitating reviews of IAM information are described. A list of pending reviews of respective access rights of a computing system may be provided to a display device for presentation at a display interface. A review decision for one of the pending reviews may be received such that the pending review becomes a completed review. The review decision and a date the review decision was received may be stored at a data store. An access right associated with the completed review may be selected in response to a review event that requires review of that access right. It may then be determined whether the completed review is accreditable to review of the access right selected for the review event based on the date the review decision was received for the completed review.

Abstract: Systems and methods of managing computing resources of a computing system are described. A computing resource list and computing resource information may be stored at a data store. The computing resource list may identify a set of computing resources of a computing system, and the computing resource information may respectively describe the computing resources. The computing resource list may be updated in response to a new computing resource being added to the computing system or in response to an existing computing resource being removed from the computing system. Evaluation tasks for the computing resources may be performed, and a resource evaluation report may be generated during performance of at least one of the evaluation reports.

Abstract: Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the users having access to the computing system and the computing resources of the computing system. At least a portion of the access right information may be retrieved, and quality assurance tasks may be performed using the portion of the access right information retrieved.

Abstract: Systems and methods for granularly expressing risk associated with computing resources of a computing system are described. A resource detail interface may be provided that includes a permission list identifying a permission to a computing resource of the computing system. A review flag of the permission is configurable at the resource detail interface in response to input received at the interface. The review flag may be set based on the input received at the resource detail interface to indicate whether review of the permission is required. A resource review interface may display a list of pending reviews of access rights, and a decision for a review may be received at the resource review interface. A review of an access right may be created in response to a determination that a computing resource permission associated with the access right requires review.

Abstract: Systems and methods are provide for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system.

Abstract: A data model for managing identity and access management (IAM) data implemented at an electronic database may include a set of logical resource elements, a set of physical resource elements, and a set of access requests elements that respectively model logical resources, physical resources, and access requests received at an access request manager of an enterprise. The physical resource elements may be respectively associated with the logical resource elements such that access rights for the physical resources may be obtained based on a logical resource specified in the access request. A system for managing IAM may include a mapping module configured to transform heterogeneous IAM data provided by a plurality of IAM data sources into homogeneous IAM data formatted according to the common IAM data format. A data store may implement the IAM data model such that the data store is configured to store the homogeneous IAM data.