Definition of terms
Certification describes the process by which responsible persons (e.g., line managers) regularly check and confirm whether a person's existing access rights are still correct, necessary, and compliant with regulations.
Recertification is the repeated performance of this audit at regular intervals. It is a central component of modern identity governance strategies and is often required by regulations (e.g., NIS2, ISO 27001, or SOX).
Why is this important?
With every role change, department transfer, or project completion, there is a risk of "privilege creep," i.e., the gradual accumulation of rights a person no longer needs. Certification (attestation) and recertification processes identify and remove excessive or outdated permissions. This protects against misuse and insider risk and simplifies audits.
Typical use cases
Regular access reviews by managers
Automated recertification reminders
Integration into IAM systems for audit-proof traceability
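The following is an added example, not code from the original page or any particular IAM product: it builds the review list for one recertification cycle, flagging entitlements that are overdue for review or that fall outside the user's current role baseline (a privilege-creep candidate), and groups the items per manager for reminders. The role baselines, users, and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample: which entitlements each role is expected to carry.
ROLE_BASELINE = {
    "accountant": {"erp:post-journal", "erp:view-ledger"},
    "sales": {"crm:read", "crm:write"},
}

@dataclass
class Assignment:
    user: str
    manager: str
    role: str
    entitlements: set
    last_certified: date

def review_items(assignments, today, interval_days=90):
    """Return one review item per (user, entitlement) that needs a decision.

    'overdue' means the last certification is older than the interval;
    'outside_role' means the entitlement is not in the user's current role
    baseline (typical after a department transfer). Entitlements that are
    neither are not returned, so the manager only reviews what matters.
    """
    items = []
    for a in assignments:
        overdue = (today - a.last_certified) > timedelta(days=interval_days)
        baseline = ROLE_BASELINE.get(a.role, set())
        for ent in sorted(a.entitlements):
            reasons = []
            if overdue:
                reasons.append("overdue")
            if ent not in baseline:
                reasons.append("outside_role")
            if reasons:
                items.append({"user": a.user, "manager": a.manager,
                              "entitlement": ent, "reasons": reasons})
    return items

def reminders(items):
    """Group review items by manager so one reminder per manager is sent."""
    out = {}
    for it in items:
        out.setdefault(it["manager"], set()).add(it["user"])
    return {m: sorted(users) for m, users in out.items()}

# Constructed sample: alice moved from accountant to sales but kept an ERP right.
SAMPLE = [
    Assignment("alice", "carol", "sales",
               {"crm:read", "crm:write", "erp:post-journal"}, date(2023, 12, 15)),
    Assignment("bob", "carol", "accountant", {"erp:view-ledger"}, date(2024, 3, 1)),
]
TODAY = date(2024, 3, 31)
```

Running `review_items(SAMPLE, TODAY)` yields three items for alice (all overdue, with `erp:post-journal` also marked `outside_role`) and none for bob, whose rights match his role and were certified 30 days ago.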
In short:
Certification and recertification help companies answer the key question:
"Who has access to what and why?"