Article 45 – Information Security
49020.7.6 Removal of Access Rights
-
Upon termination, position change or change of duties, the access rights of an individual to assets associated with information systems and services shall be evaluated. This will determine whether it is necessary to remove access rights. Changes of employment should be reflected in removal of all access rights that were not approved for the new position. The access rights that should be removed or adapted include physical and logical access, keys, identification cards, information processing facilities, subscriptions, and removal from any documentation that identifies them as a current member of the group. If a departing employee, contractor or third-party user has known passwords for accounts remaining active, these should be changed upon termination or change of employment, contract or agreement.