The Joiners, Movers and Leavers process is a key HR process in most organisations. This gives businesses a framework for bringing personnel into the organisation, and managing them throughout their employee lifetime.

While it mostly focuses on providing access to systems, operational training and offboarding, it is also useful to introduce specific IT security controls appropriate for each phase.


At this stage the employee is open to learning the ways and workings of the company, so use the time to educate them on your security policies. People perform best when they know and understand the expectations and boundaries, such as acceptable usage of company IT assets. It is important too that you demonstrate by practicing how seriously IT security controls are taken, as people will pick up on the behaviours of colleagues and management as well as what is written down in black-and-white.


When an employee moves departments or job roles, they often need to access new systems. You should also look at revoking access to systems, email groups or file shares they no longer need direct access to, even if the move is a promotion. Senior management sometimes have access to systems they dont need nor use, and as such are vulnerable to targeted attacks such as phishing.


When someone is leaving the organisation, their access should obviously be revoked from all systems. This does not always happen though, and there have been cases where ex-employees were able to destroy data after finishing with a business. Prepare a checklist of accounts to be disabled or deleted, along with a hierarchy of which to disable first, and clear responsibilities for who is to complete and confirm each step.


On Saturday 06th August I will be running a free and live session on scam and phishing emails, and what to watch out for. More details to come soon! 😄