Once issued, a digital account/identifier is uniquely linked to a natural person. Accounts (including old ones) and unique account information are never assigned or reassigned to other natural persons.
After individuals have left the organisation, their digital & legal identities are kept for a predefined period of time, based on business and legal requirements.
Specification
Digital access can always be traced to a unique individual.
ISO 27001 & 27002:2022
A5.2, A5.3, A5.15, A5.16, A5.17, A5.18, A6.5, A8.2, A8.3, A8.4, A8.5
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
ID.02 Access rights administration