March 24, 2023
Deactivate User Access for Terminated, Retiring and Extended Leave
Failure to deactivate user network and system access when staff retire, terminate service, or are on extended leave (over two weeks) creates a substantial security risk. Agencies are audited on active management of user access. Failure to remove access in a timely fashion can result in an internal control audit finding. It also opens up your agency to security breaches.
- Confirm your off-boarding internal controls include steps to identify on a bi-weekly payroll basis, any employees with status changes and communicate changes to your Department Security Officers (DSOs) to deactivate access immediately.
- Confirm that DSOs and IT staff identify and deactivate user access not only to department networks and systems, but all enterprise systems (MMARS/LCM, HR/CMS, CIW, MobiusView, Magic etc.) and any third party applications that contain access to department data.
See our CTR Cyber page for more cybersecurity internal controls to keep you safe at work and at home.
Contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.