
IAM-06 Role Change: Access De-provisioning

>Control Description

Upon notification of an employee reassignment or transfer, management reviews the employee's access for appropriateness. Access that is no longer required is revoked and documented.

Theme

Process

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Design and document a process for Logical Access and requirements for access modification in case of transfer or reassignment.
2. Ensure access reviews are performed appropriately.
3. Ensure that the necessary corrective action has been taken, if required.

>Testing Procedure

1. Inspect the organization's Logical Access Account Standard to determine whether the requirements for access modifications were defined and include the case of employee reassignment or transfer.
2. Inspect the user access reconciliation report to ensure that the user access reviews are completed appropriately.
3. In case of any discrepancy, ensure that corrective action has been taken. Inspect the list of terminated users from the audit period.
4. For a sample of terminated users, validate that access was terminated in a timely and appropriate manner.

>Audit Artifacts

E-IAM-01
E-IAM-08
E-IAM-09

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
