Legal & Compliance

Purpose

Generate non-binding access review recommendations to assist human reviewers in identity governance campaigns. Analyzes peer group prevalence, entitlement risk levels, segregation of duties conflicts, and dormancy.

Input Data

• —Identity entitlements and assignments
• —Identity profiles (department, role)
• —Access review item metadata
• —Entitlement risk levels
• —Segregation of Duties violation flags
• —Peer group prevalence statistics

Output Data

• —Recommendation per item: approve, revoke, or flag for review
• —Confidence score (0-100%)
• —Natural language rationale

Model & Processing

Known Limitations

• !Cannot assess business context for legitimate exceptions
• !Peer group analysis depends on accurate department/role data
• !Confidence scores are not calibrated probabilities
• !Small peer groups (<5 members) produce unreliable statistics

Fairness Measures

• +Monthly automated bias audits measuring demographic parity and disparate impact ratio
• +Override rate monitoring by department and role group
• +Minimum cohort size (5 profiles) for peer group analysis
• +Action threshold: >10% deviation triggers investigation

Human Oversight

Human reviewer must explicitly approve or reject each access review item. AI recommendation is non-binding and displayed alongside raw entitlement data. Overrides require documented reason and are logged for audit.

Appeal Process

Any person affected by an AI-assisted access decision may request human-only review via the Appeal button. Appeals are assigned to the compliance team and resolved within 14 days. The reviewer reassesses without AI recommendation visible.

Data Governance

Recommendations cached for 90 days after access review completion, then purged. No customer data used for model training. All processing in France (EU). Tenant-isolated via row-level security.