Explanation of terms

Certification (also called attestation) describes the process whereby responsible persons (e.g., line managers) regularly check and confirm whether a person's existing access rights are still correct, necessary, and compliant with regulations.

Recertification is the repeated performance of this audit at regular intervals. It is a central component of modern identity governance strategies and is often also required by regulations and standards (e.g. NIS2, ISO 27001 or SOX).


Why is this important?

With every role change, department transfer or project termination, there is a risk of "privilege creep", i.e. the gradual accumulation of rights that are no longer needed. Attestation and recertification processes make it possible to identify excessive or outdated authorizations systematically and to remove them. This protects against misuse and insider risk, and it simplifies audits.


Typical use cases

Regular access reviews by managers

Automated reminders for recertification

Integration into IAM systems for audit-proof traceability
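The three use cases above, carried through as one small recertification cycle. This is an added example and not code from the page or from any particular IAM product; the role baselines, user records, manager names and the 90-day review interval are all constructed for illustration. It flags two kinds of findings: entitlements outside the user's current role baseline (the privilege-creep case from a role change) and entitlements whose last certification is older than the interval or missing entirely; it then groups findings per reviewer for reminders and applies the reviewer's keep/revoke decisions.

```python
"""Minimal access-recertification cycle (added example; all data constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed role baselines: the entitlements each job role is expected to hold.
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "reporting:read"},
    "finance-manager": {"erp:read", "erp:approve", "reporting:read"},
    "sales": {"crm:read", "crm:write"},
}


@dataclass
class Entitlement:
    name: str
    last_certified: Optional[date] = None  # None: never reviewed, always due


@dataclass
class User:
    uid: str
    role: str
    manager: str  # the responsible reviewer for this user's access
    entitlements: List[Entitlement]


@dataclass(frozen=True)
class Finding:
    uid: str
    entitlement: str
    reason: str  # "outside-role" or "stale"
    reviewer: str


def review(users: List[User], today: date, interval_days: int = 90) -> List[Finding]:
    """Run one access review and return every entitlement that needs a decision."""
    findings = []
    for u in users:
        baseline = ROLE_BASELINE.get(u.role, set())  # unknown role: everything is out of baseline
        for e in u.entitlements:
            if e.name not in baseline:
                findings.append(Finding(u.uid, e.name, "outside-role", u.manager))
            elif e.last_certified is None or (today - e.last_certified).days > interval_days:
                findings.append(Finding(u.uid, e.name, "stale", u.manager))
    return findings


def reminders(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group open findings by reviewer so each manager gets one reminder."""
    by_reviewer = defaultdict(list)
    for f in findings:
        by_reviewer[f.reviewer].append(f)
    return dict(by_reviewer)


def apply_decisions(user: User, decisions: Dict[str, str], today: date) -> List[str]:
    """Apply reviewer decisions ({entitlement: 'keep' | 'revoke'}); returns revoked names.

    'keep' re-certifies the entitlement as of today; entitlements with no
    decision are left untouched and stay open for the next cycle.
    """
    revoked, kept = [], []
    for e in user.entitlements:
        decision = decisions.get(e.name)
        if decision == "revoke":
            revoked.append(e.name)
            continue
        if decision == "keep":
            e.last_certified = today
        kept.append(e)
    user.entitlements = kept
    return revoked


TODAY = date(2024, 6, 1)  # constructed "current" date so the example is deterministic


def sample_users() -> List[User]:
    """Constructed users: alice moved from sales to finance and kept a CRM right."""
    return [
        User("alice", "finance-analyst", "carol", [
            Entitlement("erp:read", date(2024, 1, 15)),        # 138 days old: stale
            Entitlement("reporting:read", date(2024, 5, 1)),   # 31 days old: fine
            Entitlement("crm:write", date(2023, 11, 1)),       # left over from old role
        ]),
        User("bob", "finance-manager", "dave", [
            Entitlement("erp:read", date(2024, 5, 10)),
            Entitlement("erp:approve", date(2024, 5, 10)),
            Entitlement("reporting:read"),                     # never certified: stale
        ]),
    ]


if __name__ == "__main__":
    users = sample_users()
    for reviewer, items in reminders(review(users, TODAY)).items():
        print(f"reminder to {reviewer}:")
        for f in items:
            print(f"  {f.uid} {f.entitlement} ({f.reason})")
    # carol decides: revoke the leftover CRM right, confirm ERP read access.
    print("revoked:", apply_decisions(users[0], {"crm:write": "revoke", "erp:read": "keep"}, TODAY))
```

The audit trail that an IAM integration needs is the list of `Finding` records plus the decisions passed to `apply_decisions`; in a real deployment both would be written to an append-only log with the reviewer's identity and timestamp rather than only returned.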


In short:

Attestation and recertification help companies to answer the central question:

"Who has access to what and why?"