AM-08 Access Management
User Access De-provisioning (Leavers)
Access is revoked promptly on departure.
- Domain
- Access Management
- Control type
- Preventive
- Automated / manual
- Manual
- Frequency
- Per event
- Framework reference
- COBIT DSS05.04; MAS TRM – Access
What good looks like
HR notifies IT of leavers; access is disabled within SLA and subsequently removed.
Risk if it fails
Active ex-staff accounts; unauthorised access.
How Tess tests it
5 tests — each concludes only on cited evidence.
Leaver SLA defined (expedited for involuntary)
Design- Procedure
- Inspect the leaver policy.
- Expected
- Disable SLA stated; involuntary terminations expedited.
- Sample
- 1 (design inspection)
- Evidence
- HR leaver report, AD/IdP disable timestamps, de-provision tickets.
HR→IT termination trigger exists
Design- Procedure
- Inspect the notification process/integration.
- Expected
- Timely, reliable leaver notification.
- Sample
- 1 (design inspection)
- Evidence
- HR leaver report, AD/IdP disable timestamps, de-provision tickets.
Accounts disabled within SLA
Operating- Procedure
- Sample leavers; compare termination to disable timestamp.
- Expected
- Disabled within SLA for all sampled.
- Sample
- Judgmental, by population (e.g. 10–25)
- Evidence
- HR leaver report, AD/IdP disable timestamps, de-provision tickets.
Access fully removed across systems
Operating- Procedure
- Inspect downstream apps, VPN, privileged access for sampled leavers.
- Expected
- No residual access incl. SSO-connected apps.
- Sample
- Judgmental, by population (e.g. 10–25)
- Evidence
- HR leaver report, AD/IdP disable timestamps, de-provision tickets.
No active accounts for terminated staff
Operating- Procedure
- Reconcile HR leaver list to the active-account listing.
- Expected
- Zero active ex-staff accounts.
- Sample
- Judgmental, by population (e.g. 10–25)
- Evidence
- HR leaver report, AD/IdP disable timestamps, de-provision tickets.
Evidence Tess looks for
HR leaver report, AD/IdP disable timestamps, de-provision tickets.
More in Access Management
Want Tess to test AM-08 against your evidence?
Book a demo