How to Manage Business System Access for Joiners, Movers and Leavers

The right access for the right work and time

Access should follow a person’s current responsibilities, not accumulate across their history. A joiner, mover and leaver process connects employment or supplier changes to timely system action and a record of who approved it.

Quick answer

Maintain an owner and role model for each service, use named accounts, verify identity, approve the least access needed, record privileged and external access separately, change permissions when roles move, revoke them promptly when work ends and review the resulting account list.

  • Applies worldwide
  • Reviewed by Attach Planet
  • Last reviewed: 17 July 2026

Define the workflow for each event

Event Minimum action Evidence to keep
Joiner Verify the person and sponsor, apply an approved role, set appropriate authentication, explain responsibilities and test access. Identity source, role, systems, approver, start and expiry dates.
Mover Remove access no longer justified before or alongside granting the new role; check conflicts and privileged rights. Old and new role, removals, additions, approvals and effective time.
Leaver Revoke interactive, remote, API, shared, physical and supplier access at the risk-appropriate time; transfer owned records. Trigger, completion time, systems checked, asset and information handover, exceptions.
Periodic review Ask service and information owners to confirm users, roles, privileged accounts, guests, inactive accounts and exceptions. Reviewer, date, evidence, removals and unresolved actions.

Close the access gaps around the main account

  • Email and single sign-on groups
  • Privileged and emergency accounts
  • Shared credentials and service accounts
  • Remote access and device management
  • Cloud consoles and billing
  • Customer, partner and supplier portals
  • API tokens, keys and integrations
  • Physical access, passes and keys
  • Forwarding, delegation and mailbox access
  • Files owned by the departing person

Base access on roles, then check the exception

Role templates make common access consistent, but managers and system owners must still check whether the individual needs every permission. Avoid routine shared accounts because they weaken accountability; where a technical service account is necessary, name its owner, purpose, secrets process and review date.

The UK NCSC identity and access management guide covers least privilege and circumstances for granting and revoking access, typically through a joiners, movers and leavers process. Its identity design guidance also recommends unique identities, roles and lifecycle support.

Joiner, mover and leaver access FAQs

Who should approve access to a business system?

The requester’s manager can confirm the work need, while the system or information owner should approve sensitive or privileged access. Separate request, approval and fulfilment where the risk warrants it, and record any exception.

How quickly should a leaver’s access be removed?

Set timing according to the role, departure circumstances and risk, with immediate coordinated action for hostile or high-risk departures. Normal departures still need a clear effective time and confirmation across every relevant service.

Are shared accounts ever acceptable?

Prefer named accounts so activity can be attributed and access removed individually. Where a system genuinely requires a shared or service identity, document its purpose, owner, permitted users, authentication, logging, secret changes and review schedule.

Continue your business technology decision

Use the next guide that matches the requirement, investment, supplier, implementation, migration, access, continuity or renewal question you still need to resolve.