CC6.3
Removes access for terminated users
Security · Partial · Security (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes.
Auditor test plan
How this is tested during the audit
Auditor samples 25 terminations and verifies access was removed within the documented SLA (typically 24 hours for production).
Evidence
1 item attached to this control
- CSV
termination-access-removal-log-q1.csv
sha256:0000000000000000… · 56.8 KB · 22d ago
Last reviewed
22d
Within 180-day window
Evidence on file
2
Owner
VP Engineering
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by VP Engineering
22d ago
Remediation plan opened
36d ago
Auditor flagged design gap
82d ago