If you are working at establishing a solid identity and access management program (as but one example where this could be the case), you must ensure that the data you are about to enter is clean, accurate and true.\u00a0All too often we take for granted that the data that comes from various sources has been fully vetted.\u00a0The data goes in, is processed and it magically comes out with significant religious connotations.\u00a0A word of caution: Be sure if you are starting to go down the road of identity and access management that you fully understand segregation of duties.\u00a0Also ensure that you do not stop there but drive fully to role-based access control.\u00a0Validate the roles both automatically (which may get you at best a 50% hit but that is based upon what is there (an already GIGO example) but fully verify all roles manually.\u00a0Build your swim lanes; reduce the number of roles; ensure automated add\/change\/delete and entitlements review processes. This is truly time intensive but the risks are too high to ignore.\u00a0As I said before, this is but one example. Think of all the financial data being entered into your core systems; marketing data; supply chain info; architectural specs, legal information, and more. Has it been fully vetted? Does your organization even care or are the practicing another fine and well-tuned art, that being KIBO?