When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to track identity creation, changes, reviews, deactivation, deletion, and shared-identity exceptions.
Identity lifecycle log
| Identity | User/person/service | Type | System/service | Lifecycle event | Authorization | Date | Owner | Status | Evidence |
|---|---|---|---|---|---|---|---|---|---|
| TBD | TBD | Employee / Contractor / Admin / Service / Shared | TBD | Joiner / Mover / Leaver / Review / Exception | TBD | TBD | TBD | Active / Disabled / Removed | TBD |
Shared identity exception record
| Shared identity | Reason individual identity is not possible | Risk assessment | Authorized by | Custodian | Usage tracking method | Credential change trigger | Review date |
|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Lifecycle checklist
- Identity is uniquely registered where possible.
- Identity maps to a real person, service, or authorized shared use.
- Creation is authorized.
- Mover changes are processed.
- Leaver identities are disabled or removed promptly.
- Live identities are reviewed periodically.
- Shared identities are risk-assessed and logged.
- Redundant identities are not reissued.
Related notes
- Template
- Iso27001
- A5 16
- Identity management
Note Metadata
Aliases: Identity Lifecycle Log
Source: 90 Templates/Identity Lifecycle Register.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.5.15 - Access Control
- ISO 27001 A.5.16 - Identity Management
- ISO 27001 A.5.17 - Authentication Information
- ISO 27001 A.5.18 - Access Rights
- A.5.16 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO 27002 Annex A Control Interpretation Map
- A.5.16 Audit Checklist
- Templates MOC