Description
The organization, upon termination of individual employment, terminates information system access, conducts exit interviews, retrieves all organizational information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems.\n
Supplemental Guidance
Information system-related property includes, for example, keys, identification cards, and building passes. Timely execution of this control is particularly essential for employees or contractors terminated for cause.\n
Changes from Rev 4
Control text for notification removed Parameter for specifying time frame for notification removed
Enhancements
(0) None.\n
Compliance Mappings
ISO 27002:2022
6.5
SOC 2 TSC
CC1.5CC6.2-POF3
ISO 17799 (legacy)
8.1.38.311.2.1
COBIT 4.1 (legacy)
PO7.8