Home/BoK/Templates/Leaver Risk Checklist
Back to Hub
Last Reviewed: 2026-06-25
Reviewer Role: Insider Risk / Legal / Privacy review
Advanced Asset
Lifecycle ModuleInteractive Sheet

Leaver Risk Checklist

A leaver risk checklist helps organizations manage trusted access and sensitive-data exposure before, during, and after employee departure.

Primary Audience & Scope

HR, managers, IAM, Security, Legal, program managers

When to Use

  • A workforce or third-party lifecycle event occurs.
  • High-impact access needs review.
  • Evidence of access decisions is required.

Interactive Work Area

Fill or track items interactively and copy out to your Clipboard

Template Table Structure

FieldWorking promptItemRequired evidence / record
Person or entityName, ID, role, organization, sponsorTriggerDeparture, role change, contract end, review cycle, incident, exception
Access scopeSystems, data, facilities, privileged rights, groups, shared spacesDecisionKeep, remove, modify, suspend, exception, investigate
OwnerManager, IAM, data owner, vendor manager, Legal/HR as applicableDue dateYYYY-MM-DD
ValidationEvidence that action was completed and reviewed

Checklist Audit List

0% Done(0/8)
Check
Checklist item

Departure type and date recorded.

Evidence: Owner / date / evidence

Manager confirms role, projects, data ownership, and sensitive access.

Evidence: Owner / date / evidence

IAM exports current access, groups, privileged roles, service ownership, and third-party accounts.

Evidence: Owner / date / evidence

Security reviews recent sensitive data movement within approved boundaries.

Evidence: Owner / date / evidence

Legal/HR review enhanced steps for involuntary, disputed, executive, privileged, or competitor transitions.

Evidence: Owner / date / evidence

Devices, badges, keys, tokens, and documents returned.

Evidence: Owner / date / evidence

Accounts, sessions, forwarding rules, tokens, OAuth grants, API keys, and repositories disabled or transferred.

Evidence: Owner / date / evidence

Post-departure validation confirms access removal and no unauthorized activity.

Evidence: Owner / date / evidence

What Completion Looks Like

  • 1Access decisions recorded.
  • 2Removals validated.
  • 3Exceptions time-bounded.
  • 4Evidence retained.
  • 5Owner and due date assigned.

Insider Risk Capability Framework™ (IRCF™) Alignment

Programmatic RelevanceSupports lifecycle control, access governance, and exposure reduction.
Non-legal-advice Compliance NoteThis resource is a planning aid and does not provide legal advice. Organizations should adapt it to their policies, jurisdictions, labor obligations, privacy requirements, contracts, and risk appetite. Sensitive monitoring, investigation, employment, evidence, legal hold, and employee-data activities should be reviewed by appropriate Legal, Privacy, HR, Compliance, and labor stakeholders before use.

Operationalize This Template in RiskTKO®

Use RiskTKO® or request ITMG® support to adapt this template, align it to the Insider Risk Capability Framework™, and connect the output to measurable exposure reduction. Mover Risk Checklist