Certified in Risk and Information Systems Control (CRISC) — Question 108

Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

Answer options

• A. Login attempts are reconciled to a list of terminated employees
• B. A process to remove employee access during the exit interview is implemented
• C. The human resources (HR) system automatically revokes system access
• D. A list of terminated employees is generated for reconciliation against current IT access

Correct answer: C

Explanation

Option C is correct because an automated HR system ensures timely and consistent revocation of access, minimizing the risk of oversight. Options A and D rely on manual reconciliation, which can be delayed or inaccurate, while B may not guarantee immediate access removal during the exit process.