IT KORR Knowledge Center
Identity Governance Checklist
A checklist covering provisioning, access reviews, and deprovisioning discipline across the identity lifecycle.
Provisioning (Joiner)
- Role-based access templates defined for every job role.
- New-hire access provisioned against the template on day one, not ad hoc.
Role Changes (Mover)
- Every role change triggers a full access review, not just an addition of new access.
- Access tied to the prior role explicitly removed, not left in place.
Offboarding (Leaver)
- Access revoked same-day across the identity provider and every connected system.
- Shared credentials the departing employee had access to are rotated.
- Offboarding trigger is tied directly to HR notification, not a separate manual process.
Ongoing Governance
- Periodic access review conducted at least quarterly or semi-annually.
- Service account privilege scope included in the same review cycle as human accounts.
- Review outcomes documented, including any access removed.
Related Resources
- Identity Lifecycle and Joiner-Mover-Leaver Governance — /knowledge-center/cybersecurity/identity-access-management/identity-lifecycle-governance
- Identity & MFA Readiness Assessment — /tools/identity-mfa-readiness-assessment