graphgrc

SCF - IAC-07.1 - Change of Roles & Duties

Mechanisms exist to revoke user access rights following changes in personnel roles and duties, if no longer necessary or permitted.

Mapped framework controls

ISO 27002

• A.5.18

SOC 2

• CC6.2

Control questions

Does the organization revoke user access rights following changes in personnel roles and duties, if no longer necessary or permitted?

This site is open source. Improve this page.