Description
The organization reviews information systems/facilities access authorizations when personnel are reassigned or transferred to other positions within the organization and initiates appropriate actions.\n
Supplemental Guidance
Appropriate actions that may be required include: (i) returning old and issuing new keys, identification cards, building passes; (ii) closing old accounts and establishing new accounts; (iii) changing system access authorizations; and (iv) providing for access to official records created or controlled by the employee at the old work location and in the old accounts.\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 27002:2022
6.5
SOC 2 TSC
CC1.5CC6.2-POF3
ISO 17799 (legacy)
8.3.18.3.311.2.1
COBIT 4.1 (legacy)
PO7.8