LS-19: Access Termination
Automated or manual access termination within specified timeframes after employee/contractor termination
Control Description
"Option 1:
Requests to terminate access to the network, to the in-scope utilities, to the in-scope applications, and/or to the related databases are automatically submitted by the Human Resources Information System, and access is removed or disabled within one business day after termination.
Option 2:
Access to the network, to the in-scope utilities, to the in-scope applications, and/or to the related databases is removed or disabled within five business days of the employee's/contractor's termination date."
Plain Meaning
This control offers two ways to terminate access when an employee or contractor leaves. Under Option 1 the Human Resources Information System submits the termination request automatically, and access is removed or disabled within one business day after the termination. Under Option 2 the request may be raised manually, but access must be removed or disabled within five business days of the termination date. Both options accept disabling rather than deleting the account, which keeps it available for investigation and data hand-over. The clock runs in business days from the termination date, not from when IT receives a ticket: a Friday termination under Option 1 must be completed by the following Monday.
Implementation
Option 1: Automated Access Termination
Automated Process Requirements
- HRIS termination events trigger access termination requests without anyone having to remember to notify IT
- Access removed or disabled within one business day after the termination
- Coverage of every access point named in the control: network, in-scope utilities, in-scope applications and their databases, including accounts outside single sign-on (local database logins, utility accounts) and any shared credentials the leaver knew, which must be rotated rather than disabled
- Audit trail recording who or what removed each access and when
- Verification that reads the target system back rather than relying on the workflow's own success status
Implementation Approach
- HR System Integration: feed termination events from the HRIS, the system of record for employment status, into identity management
- Automated Workflows: build termination workflows that act on those events without manual hand-offs
- Access Inventory: maintain a complete, current inventory of all access points; anything missing from it will be missed by the workflow
- Verification Process: automated verification that re-checks each target system after removal
- Exception Handling: a process for terminations the workflow cannot complete (API failures, systems outside the workflow) so they are escalated rather than dropped
Simple Implementation Steps
- Integrate HR System: Connect HR system to access management
- Define Termination Triggers: Set up automatic termination triggers
- Create Access Inventory: Document all systems and access points
- Implement Automated Removal: Set up automated access removal
- Add Verification: Automated verification of access removal
- Test Process: regularly test the end-to-end process, for example by terminating a test account and confirming that every inventoried access is disabled within the deadline
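The Option 1 pipeline above, and the five-business-day deadline Option 2 needs, as an added Python example that is not part of the original page: a constructed HRIS termination feed is run through a deprovisioning routine that disables each inventoried access, reads the target system back to verify, records an audit event per step, routes failures to an exception list, and measures the deadline in business days from the termination date. AccessStore, ACCESS_INVENTORY and HRIS_TERMINATIONS are assumptions standing in for real identity, application and HR systems; public holidays are not modelled.

```python
"""Added example (not the page's own code): HRIS-triggered deprovisioning with
read-back verification, an audit trail, and a business-day SLA check covering
both LS-19 options (1 business day automated, 5 business days manual)."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed access inventory: user -> systems where the user holds access.
# In practice this comes from the identity platform plus any local accounts
# (database logins, utility accounts) that sit outside single sign-on.
ACCESS_INVENTORY = {
    "jdoe": {"network_vpn", "erp_app", "erp_db", "scheduler_utility"},
    "asmith": {"network_vpn", "erp_app"},
}

# Constructed HRIS termination feed, the trigger LS-19 Option 1 expects.
HRIS_TERMINATIONS = [
    {"user": "jdoe", "termination_date": "2024-03-01"},    # a Friday
    {"user": "asmith", "termination_date": "2024-03-05"},  # a Tuesday
]


@dataclass
class AuditEvent:
    user: str
    system: str
    action: str  # disabled | failed | verified | verify_failed
    on: date
    detail: str = ""


class AccessStore:
    """Hypothetical stand-in for real target-system APIs: system -> {user: enabled}."""

    def __init__(self, inventory, failing_systems=()):
        self.state = {}
        for user, systems in inventory.items():
            for system in systems:
                self.state.setdefault(system, {})[user] = True
        self.failing = set(failing_systems)  # systems whose API call errors out

    def systems_for(self, user):
        return sorted(s for s, users in self.state.items() if user in users)

    def disable(self, system, user):
        if system in self.failing:
            raise RuntimeError(f"{system}: API unavailable")
        self.state[system][user] = False

    def is_enabled(self, system, user):
        return self.state.get(system, {}).get(user, False)


def _as_date(d):
    """Accept a date or an ISO 'YYYY-MM-DD' string (the HRIS feed uses strings)."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def business_days_after(start, end) -> int:
    """Business days (Mon-Fri) elapsed after start, up to and including end.
    A Friday termination disabled on Monday counts as 1 business day."""
    days, d, end = 0, _as_date(start), _as_date(end)
    while d < end:
        d += timedelta(days=1)
        if d.weekday() < 5:
            days += 1
    return days


def deprovision(store, user, termination_date, completed_on, sla_business_days=1):
    """Disable every access the inventory lists for user, read back to verify, and
    record each step. Returns (compliant, audit_events, exception_systems)."""
    completed_on = _as_date(completed_on)
    events, exceptions = [], []
    for system in store.systems_for(user):
        try:
            store.disable(system, user)
            events.append(AuditEvent(user, system, "disabled", completed_on))
        except RuntimeError as exc:  # escalate failures; never drop them silently
            exceptions.append(system)
            events.append(AuditEvent(user, system, "failed", completed_on, str(exc)))
    # Verification re-reads the target system; the disable call's own success
    # is not accepted as evidence.
    for system in store.systems_for(user):
        if store.is_enabled(system, user):
            events.append(AuditEvent(user, system, "verify_failed", completed_on))
            if system not in exceptions:
                exceptions.append(system)
        else:
            events.append(AuditEvent(user, system, "verified", completed_on))
    within_sla = business_days_after(termination_date, completed_on) <= sla_business_days
    return within_sla and not exceptions, events, exceptions


def process_feed(store, feed, completed_on, sla_business_days=1):
    """Run the HRIS feed through deprovision(); returns {user: compliant}."""
    return {e["user"]: deprovision(store, e["user"], e["termination_date"],
                                   completed_on, sla_business_days)[0] for e in feed}


if __name__ == "__main__":
    store = AccessStore(ACCESS_INVENTORY, failing_systems={"scheduler_utility"})
    for user, ok in process_feed(store, HRIS_TERMINATIONS, "2024-03-06").items():
        print(user, "compliant" if ok else "EXCEPTION / SLA breach")
```

Two points the code makes explicit: the deadline is counted in business days from the termination date, so the same Friday termination passes Option 2 when completed on the following Friday but fails Option 1 after Monday; and an access the inventory does not list is never disabled and never flagged, which is why the inventory step is as important as the automation itself.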
Option 2: Manual Access Termination
Manual Process Requirements
- Access removed or disabled within five business days of the termination date
- Clear procedures for manual termination
- Documentation of all termination activities
- Verification of access removal completion
- Exception handling for complex terminations
Implementation Approach
- Termination Checklist: Create comprehensive termination checklist
- Responsibility Assignment: Assign termination responsibilities
- Tracking System: Track termination progress and completion
- Verification Process: Manual verification of access removal
- Documentation: Complete records of all termination activities
Simple Implementation Steps
- Create Termination Checklist: Document all access points to remove
- Assign Responsibilities: Define who handles each termination step
- Set Up Tracking: Create system to track termination progress
- Establish Procedures: Document manual termination procedures
- Add Verification: Manual verification of access removal
- Train Staff: Train team on termination procedures
Key Success Factors
- Timely Termination: Access removed within specified timeframe
- Complete Coverage: All access points included in termination
- Verification: Confirmation that access was successfully removed
- Documentation: Complete records of termination activities
- Exception Handling: Process for handling termination exceptions
Common Pitfalls to Avoid
- Delayed Termination: access not removed within the required timeframe, often because HR notifies IT late or the deadline is counted from the ticket date rather than the termination date
- Incomplete Coverage: access points missed because the inventory is stale or the leaver held accounts outside single sign-on
- No Verification: treating the request as done without confirming in the target system that access is actually removed
- Poor Documentation: missing records of who removed what and when, leaving nothing to show an auditor
Related Controls
- LS-22: Manager approval for access requests
- LS-24: Quarterly access reviews
- LS-25: Valid user IDs and passwords required