Legal & Compliance

Purpose

Identify access entitlement outliers within department+role cohorts to support access governance reviews. Groups profiles by department and role, computes median entitlements per cohort, and flags profiles significantly above median.

Input Data

• —Identity profiles (department, role)
• —Identity entitlement assignments

Output Data

• —Peer group statistics (median, common entitlements)
• —Outlier profiles with prevalence percentages
• —Classification: common (>50%), review (<=50%), likely excessive (<=20%)

Model & Processing

Known Limitations

• !Cohort grouping by department+role may create proxy discrimination if organizational structure correlates with protected characteristics
• !Small cohorts produce unreliable statistics
• !Does not account for legitimate business exceptions
• !Thresholds (50%/20%) are not validated against external compliance expert judgment

Fairness Measures

• +Minimum cohort size of 5 profiles before analysis runs
• +Monthly monitoring of outlier detection rates by department
• +Statistical algorithm, not ML — deterministic and reproducible
• +Results are advisory only; no automatic consequences

Human Oversight

Outlier classifications are advisory only. No automatic access revocation based on outlier status. Results feed into access review campaigns where human reviewers make all final decisions.

Appeal Process

Employees flagged as outliers may request human review through the appeal mechanism. The compliance team reassesses entitlement assignments without algorithmic input.

Data Governance

Computed on-demand; results not persisted beyond request lifecycle. No personal data used for training. All processing within EU boundaries.