When to use this
Use this checklist for employee leavers, contractor offboarding, third-party user removal, and internal role changes.
Related controls
- A.6.5 Responsibilities After Termination or Change of Employment
- A.5.11 Return of Assets
- A.5.18 Access Rights
- Segregation of Duties
Checklist
- Confirm termination, contract end, or role-change date.
- Identify urgency level: normal / urgent / high-risk.
- Notify HR, line manager, IT, security, facilities, and other relevant parties.
- Remove old logical access rights.
- Remove privileged access and shared-group memberships.
- Remove physical access cards, keys, badges, and facility permissions.
- Remove customer, supplier, SaaS, cloud, and third-party portal access.
- Return organization and customer equipment.
- Return or securely remove organization information from devices and repositories.
- Update asset and access inventories.
- Communicate continuing confidentiality, privacy, IP, and legal duties.
- Confirm old-role access is removed before new-role access is added where applicable.
- Record evidence location and closure.
Record
| Field | Value |
|---|---|
| Person or ID | TBD |
| Event type | Leaver / role change / contractor end |
| Effective date | TBD |
| Urgency | Normal / urgent / high-risk |
| Access removed date | TBD |
| Assets returned date | TBD |
| Continuing duties communicated | Yes / No |
| Evidence location | TBD |
| Owner | TBD |
- Template
- Iso27001
- People controls
- Termination
- Role change
Note Metadata
Aliases: Leaver Mover Checklist
Source: 90 Templates/Leaver and Role Change Security Checklist.md
Related Notes
- ISO 27001 A.5.11 - Return of Assets
- ISO 27001 A.5.18 - Access Rights
- ISO 27001 A.5.3 - Segregation of Duties
- ISO 27001 A.6.5 - Responsibilities After Termination or Change of Employment
- A.6 People Controls MOC
- A.6.5 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.6.5 Audit Checklist
- Templates MOC