When to use this
Use this checklist during an internal audit of leaver, mover, contractor offboarding, and continuing responsibility controls.
Related controls
- A.6.5 Responsibilities After Termination or Change of Employment
- A.6.5 Audit Evidence Pack
- Leaver and Role Change Security Checklist
- Post-Employment Security Responsibilities Register
Audit checklist
- Confirm termination and role-change procedures exist.
- Confirm owners are assigned for HR, IT, facilities, security, and managers.
- Sample leavers and compare termination date to access removal timestamps.
- Sample movers and verify old-role access was removed.
- Check physical access revocation.
- Check asset and information return evidence.
- Check notification records to relevant parties.
- Check high-risk termination handling.
- Verify continuing duties are defined in contract/NDA and communicated.
- Check contractor and third-party user offboarding.
- Record nonconformities, observations, and improvement actions.
Findings table
| Sample | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A6 5
Note Metadata
Aliases: A.6.5 Termination and Role Change Audit Checklist
Source: 90 Templates/A.6.5 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.6.5 - Responsibilities After Termination or Change of Employment
- A.6 People Controls MOC
- A.6.5 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.6.5 Responsibilities After Termination or Change of Employment
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- Leaver and Role Change Security Checklist
- Post-Employment Security Responsibilities Register
- Audit Evidence Index
- Templates MOC