The instruction manual for running an identity governance program. Six layers in build order decide why the program exists, who owns its decisions, what it covers, what comes first, how it runs, and how often everything gets checked. Four metrics read whether it responds.
Six layers in dependency order. Select a layer to see what it decides and how it breaks.
From the Operational Metrics Specification, transcribed from the published research. No benchmark thresholds; values are the program's own.
Starting state sets the on-ramp. Archetype sets the target shape. The six layers are the same in every cell.
| archetype Regulated enterprise | archetype Small product organization | archetype Public sector body | |
|---|---|---|---|
| greenfield no governance yet | New banking subsidiary | Startup standing up its first controls | Newly created agency |
| bluefield partial rebuild beside legacy | Bank mid-migration to a new IGA platform | Scale-up replacing its early tooling | Ministry modernizing one directorate |
| brownfield years of accumulated access | Established insurer, never governed centrally | Ten-year-old SaaS with entitlement debt | Legacy department estate |