Which statement best describes IAM governance?

Identity and access management (IAM) governance is the set of policies, processes, and controls that determine how access to systems and data is managed—from who can be granted access, to how that access is requested and approved, to how it is reviewed and revoked. It emphasizes least privilege, ensuring users have only the permissions necessary for their roles, and separation of duties to prevent conflicts and misuse. This governance covers provisioning and de-provisioning as people join, move, or leave, along with periodic access reviews and audit trails to verify appropriate access. That combination—controlling access rights, granting and revoking them through formal processes, and enforcing least privilege and separation of duties—is why this statement best describes IAM governance. The other options describe different areas (network routing, physical asset disposal, cloud pricing) and do not address how identities and access rights are governed.