Skip to Main Content

Deactivating User Access Within 24 Hours for Terminated, Retiring, and Extended Leave

Graphic with a red pause button, a yellow check mark, and a green play button and the words pause, verify, report at work underneath.

Auditors are now routinely reviewing security access management as part of IT. Security access management is an essential part of overall IT security that manages user access to data, systems, and resources within an organization. Failure to timely deactivate security access creates a significant security risk. Access management standards require removal of access within 24 hours of a change in employment status or role. Failure to timely remove access can result in audit findings.


Always report any suspicious activity to your security staff immediately. See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.