Identities are deprovisioned within organisation-defined time thresholds when no longer required
Context and Guidance: Deprovisioning should occur as a result of the staff change or termination process. The organisation should define a time-based requirement within which the deprovisioning should be done. For example, upon a termination, deprovisioning should occur immediately; for staff transitions to new positions, the time frame might be longer. For timely deprovisioning to be possible, there must be a process for human resources departments to feed termination information to those who are responsible for maintaining the organisation’s identity repositories. Deprovisioning may also be the result of corrective actions taken after a review to remedy situations where the time thresholds were not met.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-1a, ACCESS-1c, ACCESS-1e, ACCESS-1f, ACCESS-1j.