Understanding The Identity Management Institute

Identity Management Institute (IMI) is an international organization established to redefine and promote the identity management field, serve identity management professionals, increase identity risk awareness, and provide identity risk management standards, guidelines, certifications, and education.

The IMI mission is to provide solutions for evolving identity management challenges in the most creative, effective, and efficient ways.

IMI selects volunteers who are CIRM, CRFS, and/or CIPA members to be IMI Advisors, which provide guidance in-line with the IMI mission, objectives, and other operations. IMI advisors promote the highly professional ethics and standards for the identity management field or profession while they address identity theft risks, and educate members on how to best practice identity theft management today. IMI has trained and certified employees from organizations in key industries like financial services, healthcare, insurance, consumer products, government agencies, and consumer services.

Identity Management Institute | Available Programs & Certifications

Certified Identity Risk Manager | CIRM

This certification is made for professional who need to be aware of and manage certain identity risks within business operations and information systems.

There are many risks around ID and verification when employees are hired or when customer and business partners engage in business transactions... These potential risks and situations need to be monitored and managed to detect identity fraud and possible criminal activity. Processes like risk assessments and reporting help maintain effective updating for policies and procedures, mitigate identity risks, and to consistently comply with regulations. Some laws pertaining to personal identification, privacy, and fraud prevention may overlap with ID management. Legally companies need to manage these laws effectively, and are required to establish a formal Customer Identification Program or CIP, monitor account activities, and prevent identity fraud.

CIRM members of IMI generally work for government agencies and companies worldwide that are committed and responsible for managing identity risks facing their company. Having proper identity risk management through the entire "identity lifecycle" - During hire initiation or ID collection, monitoring, and termination - Ensures a stronger process for effective identification, security and privacy, fraud management, and regulatory compliance.

The CIRM certification demonstrates professional capabilities, commitment, and adherence to identity risk management standards.

The Identity Management Institute (IMI) administers the Certified Identity Risk Manager or CIRM designation and uses Critical Risk Domains (CRD) and IMI developed standards to maintain the CIRM Program.

The CIRM program updates and defines universal ID risks, promotes quality identity risk management practices, and certifies identity risk professionals worldwide.

Critical Risk Domains (CRD) - Are developed and used by IMI to define specific area used for training, testing, and certification. Identity Management Institute's CIRM Critical Risk Domains are:

1. Governance & Management - Identity management policies & procedures, training, & resources.
2. Internal Controls - Design, implement, and operate to mitigate risks found through risk assessments.
3. Technology Management - Automate & improve access management and ID validation processes internally & externally.
4. Awareness & Training - Necessary to increase risk awareness and comply with laws.
5. Access Management - Access to buildings, facilities, computer systems, and information provided based on appropriate approval and minimum access rules, ensuring data integrity & confidentiality.
6. Risk Assessment - Allows new threats and solutions to be identified, then managed on a timely basis.
7. Compliance - Must implement programs to comply with applicable State & Federal privacy & security laws such as HIPAA, Red Flags, & GLBA.
8. Auditing & Monitoring - Internal controls assessed for completeness & effectiveness. Detects unauthorized access or transactions, and properly validates, approves, and tracks identity.
9. Communication - Identified risks, decisions, & resolutions are then documented & communicated quickly to the appropriate parties.
10. Incident Management - Quick follow up, validate incident, assess risk level, remediate issue, & formally communicate the conclusion.

CIRM | Certification Benefits

• Validates the professional's education, experience, and skills.
• International credential helps professionals plan & manage their evolving career.
• Illustrates member's value & involvement to contribute or grow professional identity risk management.
• Shows professional interest & experience in effective identity risk management.
• Gives identity risk management professionals and consumers a way to collaborate and collectively share on ID risks.
• Educational & Networking Services - Includes blog, online discussion groups, and monthly newsletters - *Accessible from the navigation bar on the IMI website.

CIRM | How to Apply?

For a CIRM qualification assessment, interested candidates must apply for IMI membership and submit a CIRM application.

Candidates that submit a risk statement and demonstrate a combination of education, training, or experience may qualify to become a Certified Identity Risk Manager without an examination.

To receive a CIRM application - First become a member of the Identity Management Institute, and then pay a $100 Application Cost. (IMI uses PayPal and other third party credit card processors to receive payments. Candidates may also send a cashier's or company check with their applications by mail.)

CIRM | Maintenance - *Certified professionals must earn continuing education, adhere to IMI code of ethics, and be active members to maintain their CIRM Certification.

Certified Identity Protection Advisor | CIPA

IMI administers the Certified Identity Protection Advisor CIPA professional designation, using their certification standards established by IMI for training and examination. The CIPA certification is to provide strong identity theft protection training and validate identity theft management skills of professionals seeking CIPA.

Individuals that become CIPA professionals demonstrate unique knowledge and skills for solving issues facing consumers and businesses. The CIPA program is specifically to educate and certify professionals in the field of consumer identity theft protection. Employees of high-risk organizations such as government agencies, credit bureaus, financial services, insurance, health care, banking, social media, and identity security companies may consider adding a CIPA certification, tax preparers, office organizers, accountants, or others who collect clients personal information, may also be interested in becoming a Certified Identity Protection Advisor.

Critical Risk Domains (CRD) - Are developed and used by IMI to define specific area used for training, testing, and certification. Identity Management Institute's CIPA Critical Risk Domains are:

1. Awareness - Aware of identity theft risks, and solutions or best practices.
2. Rights & Obligations - Understand consumer rights and business obligations in accordance to identity theft laws.
3. Credit Cards - Aware of latest threats, while using leveraging strategies to prevent, detect, and resolve credit card fraud.
4. Computers & Internet - Know threats online for desktop and mobile devices, and real threats such as spam, phishing, virus, spyware, social engineering, and related controls needed to manage technology risks.
5. Home & Office - Build consumer risk awareness while strangers approach their surroundings. Take appropriate measures to safeguard their information within the boundaries of their office or home.
6. Travel - Educate best security measures while transporting identity components or documents in public places.
7. Finances - Apply best identity protection practices while consumers manage finances, other financial accounts, or while filing taxes, or maintaining inactive, and multiple accounts.
8. Passcodes - Selected and managed carefully so that they are easy to remember, hard to guess by others, and never easily compromised.
9. Classification & Organization - Documents must be categorized in accordance with confidentiality level for standard organization, safeguard, and for backup or recovery purposes.
10. Detection & Resolution - Follow up, resolve, and quickly identify fraud to stop damage of an ongoing fraud scheme. Fraud detection techniques use tools and skills for monitoring and detecting unauthorized transactions, such as credit reports, account statements, and account activity alerts. Detected and ongoing fraud should be dealt with immediately. Resolution actions may include filing police reports, sending dispute letters, documenting an ID theft affidavit, and a FTC notification or identity reset.

CIPA | Certification Benefits

• Be able to address challenges in identity protection preventing, detecting, and resolving identity theft.
• Be educated about the latest risks in identity theft, and key controls.
• Help customers more by increasing knowledge on Identity protection.
• Build and gain a greater level of trust from a loyal customer base.

CIPA | How to Apply?

To become a CIPA you must first become an IMI member, apply to take the exam, then use the included study guide to prepare for the exam, take & pass exam to receive CIPA certification.

*CIPA Exam will include 100 multiple-choice questions which must be answered online and in just one sitting. Correctly answer 70 questions to pass.

After the application process is completed, the CIPA Study Guide will be emailed, and you have one year to study and take the final exam. When you're ready to take the exam, simply inform IMI and the test link along with a pass code will be sent to you.

CIPA Candidates will be required to pay a $100 Application Cost through PayPal or another third party credit card processor. Candidates may also send a cashier's or company check with their applications by mail.

CIPA Maintenance - *Certified professionals must earn continuing education, adhere to IMI code of ethics, and be active members to maintain their CIPA Certification.

Certified Red Flag Specialist | CRFS

CRFS is the identity theft prevention certification program registered and developed based on techniques approved by the government and rigorous examination done by the Identity Management Institute (IMI).

Professionals can be positioned to help organizations prevent identity fraud to minimize fraud losses, protect customers, and comply with regulations regardless of where or how the personal information of a victim was obtained in committing fraud. Those with a CRFS certification are properly educated and trained to identify, detect and mitigate identity theft red flags.

The Identity Management Institute (IMI) is the organization that administers the Certified Red Flag Specialist (CRFS) training and certification process. IMI uses standards closely aligned with the United States Red Flags Rule, which requires businesses and organizations to develop and implement an Identity Theft Prevention Program.

Critical Risk Domains (CRD) - Are developed and used by IMI to define specific area used for training, testing, and certification. Identity Management Institute's CRFS Critical Risk Domains are:

1. Regulation - Regulatory requirement fully understood to effectively manage the identity theft risks facing an organization.
2. Program Administration - Specify plans for periodic updates, approved by the board of directors (BOD), a committee of the BOD, or senior management, and address appropriate staff training as well as service provider oversight.
3. Risk Assessment - Completed to identify whether the company is covered and perform subsequent risk assessments necessary to ensure that the program is updated regularly.
4. Red Flags - Develop necessary policies and procedure to prevent, detect, and respond to red flags.
5. Program Management - Program execution, ensures established plans, policies, and procedures are followed to prevent identity theft in action. Also addresses employee training and services provider management.

Individuals that contribute to a company's identity fraud prevention or compliance efforts should consider earning the Certified Red Specialist (CRFS) certification. These professionals may include employees, auditors, consultants, and examiners of organizations. Company board members, risk managers, compliance officers, and fraud management experts should also consider getting the CRFS certification.

CRFS | Certification Benefits

• Shows each professional was awarded a leading certification in the identity theft prevention and compliance based on government-approved techniques examined by IMI.
• Professional understanding in identity theft prevention program management.
• Able to complete accurate reporting for identity theft prevention & management.
• Qualified to perform business and service provider risk assessments professionally.
• Professional can successfully identify, detect, and prevent fraud Red Flags.
• Trained & ready teach policies, procedures, and offer staff professional training materials related to identity theft prevention.

Higher Risk Companies Include:

• Banks
• Mortgages & Brokers
• Finance Companies
• Investment Firms
• Insurance Companies
• Healthcare Providers
• Automotive Dealers
• Utility Companies
• Telecommunications Companies

CRFS | How to Apply?

The CRFS certification can only be obtained through examination. Interested candidates must become an IMI member, and submit an application for examination.

*CRFS Exam will include 100 multiple-choice questions which must be answered online and in just one sitting. Correctly answer 70 questions to pass.

The initial cost for the CRFS exam is $295, which includes the study guide. Membership Application fees are $95 for new members. Repeat exams cost $195.

Registered candidates receive a PDF study guide and a training video to help study for the CRFS exam. Group training and examination discounts are available onsite for all international locations. Please contact IMI for details.

CRFS | Maintenance - *Certified professionals must earn continuing education, adhere to IMI code of ethics, and be active members to maintain their CRFS Certification.

Identity Management Institute | IMI Member Features

IMI | Certification

Certification is an important part of professionalism. A professional certification provides credibility, knowledge, and confidence to win the trust of those who rely on certified experts for guidance and solutions. Knowledgeable identity risk experts are needed to mitigate evolving risks between companies and consumers.

IMI | Compliance Programs

There are many reasons why a company's compliance program may need to be improved. Usually this is due to lack of planning, process execution, training, and centralized oversight, periodic program updates, enforcement, and monitoring. Identity theft, and fraud risks are growing and prompting governments to introduce news laws that force companies to be proactive in preventing identity fraud.

IMI | Education & Training

Identity Management Institute offers professional training and certifications specific to manage identity theft and fraud globally. Educating and training employees, customers, and business partners is mandatory by some regulations, and essential for protecting assets and reducing fraud. IMI offers self-study materials, online courses, and group training for their certification programs. The IMI training programs can be customized to meet your needs. Contact IMI for unique identity risk management training needs.

*Those that don't already have an identity theft prevention program or process can receive their program certification and accreditations from IMI to validate the development and implementation of an effective identity theft prevention program in accordance with the requirements of the Red Flags Rule.