Identity and Access Management Selection Framework (IAM Adventist)

Adventist Church Worldwide

Collect the IAM requirements and end objectives that should guide platform selection across the global church.

This web application gathers technical and strategic input from each participant, applies weighted scoring, and produces a structured requirements profile, end-objective summary, and vendor-selection emphasis model for IAM platform evaluation.

Framework stance: Open standards, hybrid fit, portable identity

Governance model: Shared trust with delegated administration

Identity scope: Workers, members, and public-facing constituencies

Immediate selection signals

Questionnaire completion: 0%

Weighted requirement prompts: 28

Vendor evaluation dimensions: 9

End-state objective lenses: 6

Step 1 · Participant capture

Chapter 01

Strategic Mission and End Objectives

These questions determine the business outcomes and missional objectives the platform must support beyond pure technical compliance.

M01 · Weight 5 / 5

Single institutional identity priority

How important is a single portable identity for employees, credentialed workers, members, and other authorized participants across church-operated systems?

Use this question to indicate how strongly the future platform must unify identity experience across organizational levels.

M02 · Weight 4 / 5

Cross-organization collaboration outcome

How strongly should the platform reduce barriers to secure collaboration across General Conference, divisions, unions, conferences, missions, and institutions?

This captures the value of interoperability across the global church structure.

M03 · Weight 4 / 5

Key IAM requirements

Describe the core IAM requirements the selected platform must satisfy for this organization, institution, or platform context.

Capture the most important functional, governance, security, integration, lifecycle, or operational requirements that should influence vendor selection.

M04 · Weight 3 / 5

Desired end-state objectives

Describe the top end-state objectives this IAM platform must enable over the next three to five years.

Examples may include unified access, improved trust, stronger controls, lower admin burden, or improved member digital services.

Chapter 02

Identity Populations and Lifecycle Scope

These questions clarify who must be represented, how those identities change over time, and how broad the platform footprint must be.

P01 · Weight 5 / 5

Priority identity populations

Which identity populations must be directly supported by the selected platform?

Select every population that the future platform must manage or federate.

P03 · Weight 5 / 5

Authoritative identity source model

Does the target platform need to accommodate multiple authoritative identity sources owned by different organizational levels or institutions?

This is critical for federated authority and directory coexistence.

Chapter 03

Federated Governance and Delegated Administration

These questions define how authority should be distributed while preserving shared controls, trust, and auditability.

G01 · Weight 5 / 5

Delegated administration requirement

How important is delegated administration that mirrors the church structure while preserving policy guardrails and separation of duties?

This is central to the federated governance model you described.

G03 · Weight 4 / 5

Shared policy enforcement

Does the future platform need central policy templates with localized administration and exceptions handling?

This identifies whether shared trust must coexist with regional or institutional autonomy.

G04 · Weight 3 / 5

Governance concerns to resolve

What governance or decision-right concerns must be addressed before a global shared IAM framework can succeed?

Capture issues such as ownership, trust, autonomy, funding, or accountability.

Chapter 04

Current Landscape, Integration, and Portability

These questions translate your current technical environment into evaluation criteria for interoperability and migration.

A01 · Weight 5 / 5

Hybrid and sovereign deployment fit

How important is support for hybrid deployment, sovereign hosting patterns, and regional data residency constraints such as EU handling?

This determines how strict the platform’s deployment and hosting model must be.

A02 · Weight 5 / 5

Open standards requirement

How important is native support for open standards and protocols to avoid long-term dependence on a single vendor approach?

Consider federation, provisioning, directory sync, and application integration standards.

A03 · Weight 4 / 5

Integration depth target

Which integration pattern best describes your target expectation for legacy, on-premises, SaaS, VPN, and cloud platforms?

Choose the option that best reflects expected breadth and difficulty of integration work.

A04 · Weight 3 / 5

Existing identity systems that must coexist or migrate

Document the existing identity sources, directories, or platforms that the new solution must integrate with, coexist with, or replace.

Examples include Active Directory, Entra ID, Google Workspace, Okta, LDAP directories, HR sources, and application-owned stores.

Chapter 05

Access, Authentication, and Privileged Control

These questions identify the strength of control and the user experience the selected IAM platform must deliver.

X01 · Weight 5 / 5

SSO and federation requirement

How important is broad single sign-on and federation support across workforce, member, and partner-facing systems?

This is a core discriminator for the future platform.

X02 · Weight 5 / 5

MFA and passwordless requirement

How important is support for strong MFA, adaptive authentication, and passwordless patterns for relevant populations?

Consider usability as well as control strength.

X03 · Weight 4 / 5

Privileged access control

How important is privileged access management, elevation control, or high-risk administrative session governance?

This helps determine whether PAM should be first-class in the platform strategy.

X04 · Weight 3 / 5

API and machine identity security

How important is securing APIs, service accounts, and non-human identities as part of the broader IAM evaluation?

This identifies whether the scope extends beyond interactive users.

Chapter 06

Privacy, Stewardship, and Compliance

These questions ensure the selected platform respects church stewardship principles and external obligations.

R02 · Weight 5 / 5

Regulatory and control alignment

How important is demonstrable support for GDPR-aligned privacy handling, ISO 27001 control alignment, SOC 2 evidence expectations, and NIST-informed security practices?

This assesses the strength of reporting, policy, and control support required from the product.

R03 · Weight 4 / 5

Regional data residency enforcement

Does the platform need enforceable regional boundaries, selective data placement, or residency-aware administrative controls?

Use this question to express hard regional handling requirements.

R04 · Weight 3 / 5

Sensitive privacy concerns

Describe any privacy, consent, jurisdictional, or stewardship concerns that should strongly influence vendor selection.

Capture any concerns that are non-negotiable or politically sensitive.

Chapter 07

Operations, Reporting, and Service Sustainability

These questions capture how the platform must operate day to day and how success should be monitored.

O01 · Weight 4 / 5

Reporting and audit evidence need

How important are operational dashboards, audit exports, access analytics, and board-ready or audit-ready reporting?

This differentiates products with strong operational observability from products that only handle sign-in.

O02 · Weight 4 / 5

Resilience and supportability

How important are resilience, high availability, disaster recovery, regional continuity, and strong vendor support maturity?

This indicates whether operational robustness is a major selection factor.

O03 · Weight 3 / 5

Administrative usability

How important is an administrative experience that regional and institutional teams can operate effectively without excessive specialist dependence?

This is especially relevant in a federated church support model.

O04 · Weight 3 / 5

Success measures

What measurable indicators would tell you the new IAM platform is succeeding after implementation?

Examples may include provisioning speed, audit readiness, user adoption, fewer access incidents, or better regional coordination.

Chapter 08

Phasing, Prioritization, and Vendor Selection

These questions convert vision into implementation priorities and vendor evaluation criteria.

V01 · Weight 4 / 5

Phase timing for core capabilities

When should the following capabilities be available in your target roadmap: SSO, MFA, lifecycle management, provisioning, federation, access reviews, PAM, API security, CIAM, passwordless, delegated administration?

Use the notes field after submission to explain any phase-specific nuance or dependencies.

V02 · Weight 5 / 5

Tolerance for vendor lock-in

How low is your tolerance for proprietary dependence that would make future migration, coexistence, or standards-based interoperability difficult?

Use a high rating if platform portability is a critical board-level or strategy-level requirement.

V03 · Weight 4 / 5

Non-negotiable vendor selection criteria

What selection criteria would immediately disqualify a vendor or materially reduce confidence in the platform?

Capture red lines such as residency limitations, weak federation, poor delegated administration, or inadequate privacy controls.

V04 · Weight 3 / 5

Organizational readiness for phased delivery

How ready is your organization or team to participate in a phased IAM rollout with shared governance, policy alignment, and migration activity?

This helps interpret ambition against implementation readiness.