HR-6 Termination Process

What is HR-6 Termination Process Control about?

The termination process is a crucial part of any logical access process. Employee termination is unfortunate, whether an employee leaves voluntarily or involuntarily. It is important to quickly reduce the access that person once had. This is not always an easy case and it usually ends up being a critical point of failure during audits.

If all access to various systems is managed in a single directory, such as Active Directory, the solution is simple. Things get complicated when the infrastructure is more complex, with a wide variety of systems, multiple directories, cloud-based applications, etc. If there isn’t a dedicated procedure for what to do in case of IT member termination, then there is a chance that some access may be left open.

Ideally, all privileged accounts should be managed and monitored.

Available tools in the marketplace 

Tools

No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• User termination best practices

Control implementation

To implement this control,

Implement a formal and repeatable process to initiate the termination of an access request for a terminated employee or a change of role. Ensure the process is initiated by HR or a manager, and ensure it is captured within a ticket or document that lists out all the removed accesses.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Provide an example of a completed termination access ticket, checklist, or form that shows the initiation request for the termination.
2. Provide an example of a completed termination access ticket, checklist, or form that shows the accesses that were terminated and the time at which they were terminated.

Evidence example

For the suggested action, an example is provided below:

1. Provide an example of a completed termination access ticket, checklist, or form that shows the initiation request for the termination.
   The following screenshot shows the ticket for a terminated employee.
   
2. Provide an example of a completed termination access ticket, checklist, or form that shows the accesses that were terminated and the time at which they were terminated.
   The following screenshot shows a link within the ticket to all the systems and access terminated.