Buyer question
What is AI access recertification?
AI access recertification is the periodic re-review of whether a user still needs an approved AI tool grant.
In JSM, it works best as a review-before-expiry flow that stays linked to the original request, approval, grant, and evidence record.
Last updated: 2026-06-10
Practical answer
AI access recertification is the periodic re-review of whether a user still needs an approved AI tool grant. In JSM, it works best as a review-before-expiry flow that stays linked to the original request, approval, grant, and evidence record.
| Lifecycle point | What happens | Evidence to keep |
|---|---|---|
| Initial approval | Approver allows one user to access one AI tool for a purpose and duration. | Requester, approver, policy, purpose, duration. |
| Active grant | The user has approved access until expiry or revocation. | Grant status, expiry, provisioning state. |
| Recertification window | Reviewer decides whether continued need is justified. | Review issue, decision, exception, renewal, or removal. |
| Post-review | Grant continues, changes, or is revoked. | Updated expiry, recertification state, audit event. |
Honest limitations
Do not describe AI Clearance as running broad scheduled certification campaigns. The documented product behavior is a review-before-expiry recertification check that creates recert issues for grants entering the review window.
Related next step
Review AI Clearance for AI access lifecycle evidence, or start with AI Clearance vs native JSM if you are deciding whether to build this yourself.
FAQ
Is recertification the same as initial approval?
No. Initial approval asks whether access should start. Recertification asks whether it should continue.
How often should recertification run?
That depends on policy, risk, and legal requirements. AI Clearance tracks review-before-expiry rather than prescribing a universal cadence.
Where is the glossary definition?
See the recertification entry in the ArdSaor glossary.