Recently, there has been a growing interest in the technologies of identity and identification. Many governments are keen on enhancing identity systems and introducing biometric technology in order to securitize the identities of their citizens. As it happens, the introduction of these identity systems is raising many concerns over the issue of privacy and the protection of fundamental rights. In this article, we draw on some sources in order to suggest a framework for the governance of identity systems. We begin by considering the guidelines of the Organization for Economic Co-operation and Development (OECD) from which we derive a set of principles that are relevant to the governance of identity security systems. We then discuss the use of Expression of Needs and Identification of Security Objectives (EBIOS) as a valid methodology for governing identity. Finally, we address the issue of security management and its relation to identity systems.