When an employee leaves the organization, a formal process should be followed to ensure all equipment is returned, and any associated accounts or access is revoked.

Sections

ID	Name	Description
ME021	Unrevoked Access	The subject has left the organization but still has access to services or data that is reserved for employees.
MT003	Leaver	A subject leaving the organisation with access to sensitive data with the intent to access and exfiltrate sensitive data or otherwise contravene internal policies.
ME021.001	User Account Credentials	User credentials that were available to the subject during employment are not revoked and can still be used.
ME021.002	Web Service Credentials	Web credentials that were available to the subject during employment are not revoked and can still be used.
ME021.003	Physical Access Credentials	Physical security credentials, such as an ID card or physical keys, that were available to the subject during employment are not revoked and can still be used.
ME021.004	API Keys	API keys that were available to the subject during employment are not revoked and can still be used.
ME021.005	SSH Keys	SSH keys that were available to the subject during employment are not revoked and can still be used.
ME021.006	Multi-Factor Authentication	MFA tokens or hardware devices (such as physical security keys) issued to the subject during employment are not deactivated and can still be utilized.