Craft your program strategy: How to keep your identity security program improving

ryan_cutter
SailPoint Employee

Welcome to the sixth and final post in our craft your program strategy series. You’ve built the vision, charter, and roadmap; you’ve aligned leadership; you’ve orchestrated the four workstreams; and you’ve engaged services and partners. This capstone focuses on continuous improvement—how to revisit and update your charter and roadmap, scale your team as demand grows, and maintain (and expand) funding as your platform delivers value.

Key objectives / takeaways

  • Adopt a quarterly rhythm to refresh your charter and roadmap so they stay aligned with business priorities.
  • Use data-driven KPIs and your leadership triad (executive sponsor, program manager, steering committee) to drive decisions and protect scope and funding.
  • Scale staffing intentionally—build or grow a dedicated identity team and augment with services and partners at the right times.
  • Keep the four core workstreams (Identity, Connectivity, Data, Security) spinning in phases to deliver steady proof points.

Make your charter and roadmap “living” documents

Your charter establishes purpose, roles, and success metrics; your roadmap translates that intent into phased delivery. Treat both as versioned assets with regular, lightweight updates. In earlier posts we emphasized that the charter and roadmap work in tandem and should be revisited at least quarterly or at key milestones.

A practical quarterly cadence

  • Monthly steering committee: review KPI trends (e.g., time-to-provision, certification completion), approve minor roadmap adjustments, and manage change control.
  • Quarterly executive briefing: summarize outcomes vs. roadmap, highlight risk reductions/cost avoidance, and propose next-quarter investments.
  • Version control & records: document “what changed and why” so you preserve institutional memory and continuity through leadership transitions.

Signals that trigger a mid-cycle refresh

  • Material business changes (M&A, new regulatory obligations, a strategic SaaS rollout).
  • KPI inflection (e.g., outlier spikes, “stuck” activity ingestion, audit findings).
  • Capacity or skill constraints that jeopardize phase outcomes—rebalance scope or add services to stay on track.

Keep the workstream flywheel turning

Continuous improvement in identity security comes from feeding the flywheel: identity definitions shape connectivity scope; connectivity fuels data; data powers security controls; those controls create more data that refines identity and access models. Plan and report in phases to maintain momentum.

  • Identity: Expand beyond employees to contractors, third parties, and machine identities using delegated administration and least privilege.
  • Connectivity: Prioritize AD/SSO, then onboard critical apps; integrate ITSM and ingest high-value activity feeds to enrich risk signals.
  • Data: Lean on AI/peer analysis and access descriptions to clarify entitlements and drive cleanup.
  • Security: Run targeted certifications, automate lifecycle, enable access requests, and implement SoD and privileged task automation.

Use our milestones to sequence tangible, fundable outcomes each quarter (e.g., Lifecycle management, Access modeling, Targeted certifications).


Scale your operating model and team

As adoption grows, your operating model should evolve from a “project squad” to a dedicated identity team with clear roles, coverage, and escalation paths. Our staffing guidance outlines time commitments and responsibilities across program manager, ISC admin/engineer, security architect, app owners, and more—use it to right-size capacity and avoid single-threaded delivery.

Practical steps


Maintain funding—and earn more for growth

Funding follows outcomes. Anchor your asks in program KPIs, risk reduction, and cost avoidance, not just feature lists. In our leadership post, we showed how the sponsor, program manager, and steering committee use data and a phased story to secure continued investment.

What to bring to Finance

  • Quarterly outcome deck: trend lines for time-to-provision, certification completion, high-risk entitlement reduction, and help-desk deflection; map each to dollar or risk impact (audit readiness, breach likelihood).
  • Phase-based proposal: “We delivered X last quarter; next phase unlocks Y (e.g., machine identities, CIEM, privileged automation) with projected Z% ROI.”
  • Service leverage plan: show how SASP/Expert/Professional Services reduce delivery risk and time-to-value for the next tranche.

For more detailed tactics, see maintaining program funding and securing executive buy-in.


Governance that actually scales

Great governance is consistent, brief, and focused on decisions. Reuse the meeting cadence and artifacts we recommended earlier—weekly stand-ups, monthly steering, quarterly exec briefings—anchored on a single source of truth (charter, roadmap, records).

  • Change control: require a lightweight form for scope and connector changes; review in steering to guardrail “one-off” asks.
  • Backlog hygiene: triage items into upcoming phases; tie each backlog item to a KPI and risk/benefit statement (keeps prioritization objective).
  • Succession-proofing: document sponsor duties in the charter and co-chair meetings to survive leadership transitions.

A simple playbook for continuous improvement

Every quarter, do this:

  1. Report outcomes from the last phase (KPI wins, lessons learned).
  2. Refresh priorities in the roadmap: pull forward high-impact items (e.g., activity ingestion, role cleanup) and push out low-ROI work.
  3. Re-align resources: adjust staffing, schedule training, or engage services/partners to cover capacity or expertise gaps.
  4. Lock a phased plan across the four workstreams with 2–3 measurable deliverables and clear owners.

Guardrails to keep quality high

  • Identity quality first: garbage in = garbage out—invest in clean HR data, attribute models, and joiner/mover/leaver automation before layering advanced features.
  • Connect what you can govern: prioritize connectors that deliver visibility and actionable remediation, not just counts.
  • Let data drive decisions: use AI/peer analysis and activity signals to inform reviews, requests, and SoD policies.

In a nutshell / next steps

Continuous improvement is a rhythm, not a one-time push. Keep your charter and roadmap alive, phase your delivery across the four workstreams, scale your team deliberately, and tie funding to outcomes. If you follow the cadences and proof-points we’ve outlined, your identity program will remain aligned, resilient, and well-funded.

  • Revisit your program charter and roadmap; schedule your quarterly refresh now.
  • Confirm leadership triad roles and the meeting cadence; publish the KPIs you’ll report monthly.
  • Right-size your staffing plan and identify where services or partners accelerate the next phase.
  • Map the upcoming quarter to our phased workstream plan and related milestones.

If you missed earlier entries, start with program vs. project, then read how the charter and roadmap guide delivery, meet your leadership triad, explore SailPoint services & partners, and learn to orchestrate the four workstreams in phases.