Initial commit
84
03-procedures/joiner-mover-leaver-procedure.md
Normal file
@@ -0,0 +1,84 @@
|
||||
Title: Joiner Mover Leaver Procedure
|
||||
Document ID: [PROC-JML-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Joiner Mover Leaver Procedure
|
||||
|
||||
## Purpose
|
||||
|
||||
This procedure defines how BlackDice should provision, change, and remove access when personnel join, change role, or leave.
|
||||
|
||||
## Scope
|
||||
|
||||
This procedure applies to employees, contractors, temporary workers, and other individuals granted access to in-scope systems, services, information, or facilities.
|
||||
|
||||
## Trigger / When Used
|
||||
|
||||
Use this procedure when:
|
||||
|
||||
- a new starter requires access
|
||||
- an existing worker changes role, team, or privilege level
|
||||
- a worker leaves the organisation or no longer requires access
|
||||
- emergency access changes are needed due to risk or incident
|
||||
|
||||
## Procedure Steps
|
||||
|
||||
1. Receive an authorised joiner, mover, or leaver request from the appropriate manager or approved source.
|
||||
2. Confirm the individual's identity, status, start or end date, and the business justification for access.
|
||||
3. Determine the required access profile based on role, least privilege, and segregation considerations.
|
||||
4. Provision, modify, or remove access in relevant systems, including identity platforms, endpoints, cloud services, repositories, support systems, and facilities as applicable.
|
||||
5. Apply stronger controls or additional review for privileged, production, cloud administration, CI/CD, or customer-sensitive access.
|
||||
6. Confirm that access changes have been completed and notify the requester or manager.
|
||||
7. Record the activity and retain evidence of approval and completion.
|
||||
8. For leavers, ensure access removal is completed promptly and that any assigned assets or credentials are returned, revoked, or disabled.
|
||||
|
||||
## Inputs
|
||||
|
||||
- authorised access request
|
||||
- start date, role change date, or leaving date
|
||||
- approved role profile or access requirements
|
||||
- asset assignment information where relevant
|
||||
|
||||
## Outputs / Records
|
||||
|
||||
- access provisioning or deprovisioning record
|
||||
- approval evidence
|
||||
- updated account and access status
|
||||
- returned asset or credential record where relevant
|
||||
|
||||
## Roles and Responsibilities
|
||||
|
||||
- Managers must submit timely and accurate requests.
|
||||
- [Role] or designated administrators must process access changes and retain records.
|
||||
- System owners must support role-appropriate access where local approval is required.
|
||||
- Individuals subject to this procedure must return assets and comply with security obligations.
|
||||
|
||||
## Escalation / Exceptions
|
||||
|
||||
Escalate immediately where:
|
||||
|
||||
- privileged or sensitive access cannot be removed on time
|
||||
- employment or contractor status is unclear
|
||||
- emergency suspension of access is required
|
||||
- requested access exceeds normal role expectations
|
||||
|
||||
Exceptions must be documented, risk-assessed, and approved through the exception process.
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Access Control Policy
|
||||
- Human Resources Security Policy
|
||||
- Identity and Authentication Standard
|
||||
- Access Review Procedure
|
||||
|
||||
## Version Control
|
||||
|
||||
| Version | Date | Description of Change | Author |
|
||||
| --- | --- | --- | --- |
|
||||
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
|
||||
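Review bot: Step 8 under Procedure Steps requires leaver access removal "promptly", and the Escalation section fires when privileged or sensitive access "cannot be removed on time", but the document never defines a deadline, so neither requirement can be tested or audited. Suggest stating a maximum time from the leaving date (or from notification) to completed removal, with a shorter target for the privileged, production, cloud administration and CI/CD access named in step 5, and capturing the completion time in the deprovisioning record listed under Outputs / Records. The Trigger list also includes emergency access changes, yet step 1 only starts from an authorised request from a manager or approved source; add a step that says who may suspend access first and how approval is recorded afterwards. Smaller points: Owner and Approver are the same person, which sits awkwardly with the segregation consideration in step 3; the "[Role]" placeholder in Roles and Responsibilities still needs an assignee; and the Purpose says "should" where the rest of the document uses "must".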