PS-04 Personnel Termination

Control: The organization, upon termination of individual employment, terminates information system access, conducts exit interviews, retrieves all organizational information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems.

Supplemental Guidance: Information system-related property includes, for example, keys, identification cards, and building passes. Timely execution of this control is particularly essential for employees or contractors terminated for cause.

Control Enhancements: (0) None.

Baseline: LOW PS-4 MOD PS-4 HIGH PS-4

Family: Personnel Security

Class: Operational

ISO 17799 mapping: 8.1.3, 8.3, 11.2.1

COBIT 4.1 mapping: PO7.8

PCI-DSS v2 mapping: 8.5.4