HR-6 Termination Process

What is this control about?

Employee termination is unfortunate, but whether an employee leaves voluntarily or involuntarily, it's important to quickly reduce the access that person once had. This is not always easy, and it usually ends up being a critical point of failure during audits.

When all access to various systems is managed in a single directory, such as Active Directory, the solution can be straightforward. Things get complicated when the infrastructure is more complex, with a wide variety of systems, multiple directories, cloud-based applications, etc. If there isn't a dedicated procedure for what to do when a member of IT is terminated, there is a chance that some access may be left open.

Ideally, all privileged accounts should be managed and monitored.

Available tools in the marketplace

Tools:
No tool recommendations for this section

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

Control implementation

Implement a formal and repeatable process to initiate a termination of access request for a termed employee or a change of role. Ensure the process is initiated by HR or a manager, and ensure it is captured within a ticket or document that lists all the removed accesses.

What evidence do auditors look for?

At a minimum, most auditors look for the suggested actions below:

  • Provide an example of a completed termination access ticket, checklist or form that shows the initiation request of the termination
  • Provide an example of a completed termination access ticket, checklist, or form that shows the accesses that were terminated and the time at which they were terminated

Evidence example

An example for each suggested action above is provided below.

1. Provide an example of a completed termination access ticket, checklist or form that shows the initiation request of the termination.

This TrustCloud example demonstrates the ticket for a terminated employee.

HR 6 screenshot1

2. Provide an example of a completed termination access ticket, checklist, or form that shows the access that was terminated and the time at which it was terminated.

TrustCloud example: the link within the ticket above lists all the systems and access terminated.

HR 6 screenshot2
