Skip to content
Log in

Offboarding controls

Definition

The set of actions taken when a vendor relationship ends: revoking access credentials, recovering or destroying shared data, terminating network connectivity, and documenting completion. Inadequate offboarding that leaves credentials active or data unreturned is one of the most frequently cited third-party risk findings in security audits.

Related terms

Due diligence questionnaire (DDQ)
A structured questionnaire sent to a prospective vendor before onboarding, asking the vendor to describe its security controls, certifications, incident history, subprocessor...
Right-to-audit clause
A contractual provision that gives the organisation the right to audit or assess the vendor's security controls, either directly or through a...
Subprocessor
A third party engaged by a vendor (the processor) to perform part of the service that involves the organisation's data. Under GDPR...
Third-party risk
The information security, operational, legal, or reputational risk introduced to an organisation by its relationships with external parties including vendors, suppliers, cloud...
Vendor tiering
The classification of vendors into risk tiers, typically Tier 1 (critical), Tier 2 (significant), and Tier 3 (low), based on factors such...

Explained in

  • Third-Party Risk Management ProgrammeThe set of actions taken when a vendor relationship ends: revoking access credentials, recovering or destroying shared data, terminating network connectivity,...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account