What should not be managed under Access Management?

The correct response highlights that physical access to buildings typically falls outside the scope of Access Management as defined in ITIL practices. Access Management primarily focuses on ensuring that authorized users can access specific services, applications, systems, and data in an IT context. This includes managing user access rights, handling user service requests related to access, and establishing processes for identity verification to confirm that users requesting access are indeed who they claim to be.

Physical access, however, generally pertains to security measures regarding the physical premises, such as managing who can enter the building or specific areas within it. This responsibility may belong to a different team or system, often associated with physical security protocols rather than IT service management. Thus, it does not align with the objectives and processes outlined in Access Management. This distinction reinforces the understanding of Access Management’s focus on logical, rather than physical, access control mechanisms.