The periodic automated reassessment of existing access privileges to establish that security policy is being complied with, usually by workflows to the persons or roles responsible for the original approvals. Access may be reviewed down to the individual menu or transaction level within an application; especially for internal staff and outsourced management. Revalidation is an essential part of IAM solutions, increasingly required by corporate governance regulations (eg SOX). Note that some proprietary solutions (eg IBM TIM) do continuous reconciliation of entitlements within rules (using policy), thereby making this periodic revalidation redundant.