Personnel separation and transfer procedures address cybersecurity, including supplementary vetting as appropriate
Context and Guidance: Potential risks arising from the transfer of personnel should be identified and procedures to mitigate those risks should be established and maintained. For staff who have privileged or trusted access to assets, managing access to and possession of these assets is extremely important for preventing potential disruptions or effects on the resilience of the function. When personnel change positions, their possession of and access to organisational assets (including their access privileges) should be re-evaluated and adjusted as needed. Reassignment of cybersecurity responsibilities may also need to be considered. Organisations may consider additional vetting for employees who transfer to a new position that presents greater risk to the organisation.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: WORKFORCE-1b, WORKFORCE-1d.