I
I
IllumiDesk
Search…
Security and Compliance
Powered By GitBook
IAM.1.05 - Transfers: Access De-Provisioning

Control Statement

Upon notification of a reassignment or transfer, management reviews the IllumiDesk team member's access for appropriateness. Access that is no longer required is revoked and documented, and any shared authentication credentials to which the team member had access are rotated.

Context

The purpose of this control is to ensure there is a process in place to remove access to user accounts that is no longer necessary in the event of a role change. This control helps ensure that only authorized and active accounts can be accessed and used to prevent any unauthorized use or access of IllumiDesk customer, IllumiDesk teammember, and partner data. PeopleOperations would be responsible for advising of role change and new hiring manager of reviewing and de-provisioning any access that was no longer required.

Scope

This control applies to any system or service where user accounts can be provisioned.

Ownership

    Control Owner:
      PeopleOperations
      Hiring Managers
    Process owner:
      IT Operations

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Role Change: Access De-Provisioning control issue.

Policy Reference

    Access Control Policy and Procedures
    Job Transfers
    Access Change Request
    Access Removal Request

Framework Mapping

    SOC2 CC
      CC6.2
      CC6.3
      CC6.6
      CC6.7
Last modified 1yr ago