Account management is also a critical piece of the security puzzle. There have been many instances where terminated employees were able to access systems long after they had been terminated by a company. Some important guidelines to remember:
Disable a user's account immediately after the user leaves the company.
Periodically review and monitor user lists and groups for unauthorized changes: this task should be a part of the baselining and control audit procedures referenced in section 1.7.
Ensure that a user's rights are adjusted when they change departments or responsibilities: if you have a user who moves from an Application Development role to a Support role, you do not want that user to continue to have access rights to the source code repository.
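The review described in these guidelines can be scripted. The following is an added example, not part of the original text: it compares current group membership against a stored baseline and flags departed users whose accounts are still enabled. The `/etc/group` file format, the user and group names, the account export and the leaver list are all constructed assumptions.

```python
"""Account audit: group membership vs. baseline, plus a leaver check (added example)."""

# Constructed sample data in /etc/group format (name:password:gid:members).
BASELINE_GROUPS = """\
dev:x:1001:alice,bob
support:x:1002:carol
sudo:x:27:alice
"""
CURRENT_GROUPS = """\
dev:x:1001:alice,bob
support:x:1002:carol,bob
sudo:x:27:alice,dave
"""
# Constructed account export: username -> account enabled?
ACCOUNTS = {"alice": True, "bob": True, "carol": True, "dave": True, "erin": False}
# Constructed leaver list from HR: users who have left the company.
TERMINATED = {"dave", "erin"}

def parse_groups(text):
    """Return {group: set(members)} from /etc/group-style lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups

def membership_changes(baseline, current):
    """Return sorted (group, user, 'added'|'removed') tuples relative to the baseline."""
    changes = []
    for group in baseline.keys() | current.keys():
        old, new = baseline.get(group, set()), current.get(group, set())
        changes += [(group, user, "added") for user in new - old]
        changes += [(group, user, "removed") for user in old - new]
    return sorted(changes)

def active_leavers(accounts, terminated):
    """Return terminated users whose accounts are still enabled."""
    return sorted(user for user in terminated if accounts.get(user, False))

def audit():
    """Run both checks over the constructed sample data."""
    changes = membership_changes(parse_groups(BASELINE_GROUPS), parse_groups(CURRENT_GROUPS))
    return {"changes": changes, "active_leavers": active_leavers(ACCOUNTS, TERMINATED)}

if __name__ == "__main__":
    print(audit())
```

In the sample data, `bob` gains `support` membership while keeping `dev`, which is the role-change case from the last guideline: the added right appears in the diff, and the reviewer still has to confirm that the old one was meant to stay.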