Title: Joiner Mover Leaver Procedure
Document ID: [PROC-JML-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Joiner Mover Leaver Procedure

## Purpose

This procedure defines how BlackDice should provision, change, and remove access when personnel join, change role, or leave.

## Scope

This procedure applies to employees, contractors, temporary workers, and other individuals granted access to in-scope systems, services, information, or facilities.

## Trigger / When Used

Use this procedure when:

- a new starter requires access
- an existing worker changes role, team, or privilege level
- a worker leaves the organisation or no longer requires access
- emergency access changes are needed due to risk or incident

## Procedure Steps

1. Receive an authorised joiner, mover, or leaver request from the appropriate manager or approved source.
2. Confirm the individual's identity, status, start or end date, and the business justification for access.
3. Determine the required access profile based on role, least privilege, and segregation considerations.
4. Provision, modify, or remove access in relevant systems, including identity platforms, endpoints, cloud services, repositories, support systems, and facilities as applicable.
5. Apply stronger controls or additional review for privileged, production, cloud administration, CI/CD, or customer-sensitive access.
6. Confirm that access changes have been completed and notify the requester or manager.
7. Record the activity and retain evidence of approval and completion.
8. For leavers, ensure access removal is completed promptly and that any assigned assets or credentials are returned, revoked, or disabled.

## Inputs

- authorised access request
- start date, role change date, or leaving date
- approved role profile or access requirements
- asset assignment information where relevant

## Outputs / Records

- access provisioning or deprovisioning record
- approval evidence
- updated account and access status
- returned asset or credential record where relevant

## Roles and Responsibilities

- Managers must submit timely and accurate requests.
- [Role] or designated administrators must process access changes and retain records.
- System owners must support role-appropriate access where local approval is required.
- Individuals subject to this procedure must return assets and comply with security obligations.

## Escalation / Exceptions

Escalate immediately where:

- privileged or sensitive access cannot be removed on time
- employment or contractor status is unclear
- emergency suspension of access is required
- requested access exceeds normal role expectations

Exceptions must be documented, risk-assessed, and approved through the exception process.

## Related Documents

- Access Control Policy
- Human Resources Security Policy
- Identity and Authentication Standard
- Access Review Procedure

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |