Access Lockdown Checklist
An access lockdown checklist helps teams restrict, suspend, or remove access during high-risk situations while preserving business continuity and evidence.
Primary Audience & Scope
IAM, PAM, security operations, IT, HR, Legal
When to Use
- •Triage, investigation, preservation, containment, or legal review is required.
- •A consistent record is needed across teams.
- •A matter may require later review, audit, or legal defensibility.
Interactive Work Area
Fill or track items interactively and copy out to your Clipboard
Template Table Structure
| Field | Working prompt |
|---|---|
| Case/resource field 1 | Use this field to document: Confirm trigger and approval authority. |
| Case/resource field 2 | Use this field to document: Preserve evidence before account changes when required. |
| Case/resource field 3 | Use this field to document: Disable or suspend user identities. |
| Case/resource field 4 | Use this field to document: Revoke privileged roles and active sessions. |
| Case/resource field 5 | Use this field to document: Rotate passwords, tokens, API keys, SSH keys, certificates, and secrets. |
| Case/resource field 6 | Use this field to document: Remove cloud, SaaS, VPN, repository, email, collaboration, and admin console access. |
| Case/resource field 7 | Use this field to document: Disable physical badges, keys, and facility access. |
| Case/resource field 8 | Use this field to document: Address service accounts and delegated admin rights. |
Checklist Audit List
Confirm trigger and approval authority.
Preserve evidence before account changes when required.
Disable or suspend user identities.
Revoke privileged roles and active sessions.
Rotate passwords, tokens, API keys, SSH keys, certificates, and secrets.
Remove cloud, SaaS, VPN, repository, email, collaboration, and admin console access.
Disable physical badges, keys, and facility access.
Address service accounts and delegated admin rights.
Coordinate communications with HR, Legal, manager, and IT.
Validate removal and record actions.
What Completion Looks Like
- 1Decision documented.
- 2Owner assigned.
- 3Evidence and actions recorded.
- 4Scope and authority preserved.
- 5Follow-up action created where needed.
Insider Risk Capability Framework™ (IRCF™) Alignment
Operationalize This Template in RiskTKO®
Use RiskTKO® or request ITMG® support to adapt this template, align it to the Insider Risk Capability Framework™, and connect the output to measurable exposure reduction. Leaver Risk Checklist