Joiner-mover-leaver describes the three moments in an employee's lifecycle where the access landscape must change. A joiner needs accounts, licences, and system access provisioned before their first day, scoped to their role and to the principle of least privilege. A mover, changing team or taking on new responsibilities, needs the old access profile revoked and a new one applied. A leaver needs every account disabled and every token invalidated on or before their last working hour. Most breaches involving internal access can be traced to a failure in one of these three transitions.
The framework matters to compliance auditors because ISO 27001 Annex A.5.18 requires documented and implemented procedures for the entire access rights lifecycle. NIS2 similarly requires that operators of essential services maintain current, auditable access records. Passing an audit on this control means showing that joiners were provisioned on time, that movers had the right profile applied within an agreed window, and that leavers had access revoked before the next business day.
In practice, organisations fail on movers more often than on joiners or leavers, because promotions and internal transfers are less visible to the IT team than onboarding or offboarding. A mover who keeps their old permissions alongside their new ones is a standing least-privilege violation that accumulates silently over years. The Askara Solutions agent surfaces these accumulation risks as part of the access review cadence, so the mover problem becomes visible as data rather than as a finding on an audit report.
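As an added example (not part of the original page and not Askara Solutions' code), the sketch below runs one access review pass over constructed HR and entitlement records and flags the mover accumulation described above, together with leaver and joiner gaps. The role names, entitlement strings, users and the `review_access` function are all hypothetical.

```python
from datetime import date

# Constructed sample data: roles, entitlements and users are hypothetical.
ROLE_PROFILES = {
    "support-agent": {"crm:read", "ticketing:write"},
    "finance-analyst": {"erp:read", "ledger:write"},
}
HR_RECORDS = [
    {"user": "avery", "role": "finance-analyst", "previous_role": "support-agent", "last_day": None},
    {"user": "blake", "role": "support-agent", "previous_role": None, "last_day": date(2024, 5, 31)},
    {"user": "casey", "role": "support-agent", "previous_role": None, "last_day": None},
]
ENTITLEMENTS = {
    "avery": {"erp:read", "ledger:write", "crm:read", "ticketing:write"},
    "blake": {"crm:read"},
    "casey": {"crm:read"},
}

def review_access(hr_records, entitlements, profiles, today):
    """Return (user, transition, entitlements) findings for one review pass."""
    findings = []
    for rec in hr_records:
        user = rec["user"]
        held = entitlements.get(user, set())
        expected = profiles[rec["role"]]
        # Leaver: anything still held after the last working day is a finding.
        if rec["last_day"] and today > rec["last_day"]:
            if held:
                findings.append((user, "leaver", sorted(held)))
            continue
        # Mover: access held beyond the current role's profile. Attribute it to
        # the previous role where it overlaps, so the reviewer sees its origin.
        excess = held - expected
        if excess:
            prior = profiles.get(rec["previous_role"], set())
            kind = "mover" if excess & prior else "unexplained"
            findings.append((user, kind, sorted(excess)))
        # Joiner gap: entitlements in the role profile that were never provisioned.
        missing = expected - held
        if missing:
            findings.append((user, "joiner", sorted(missing)))
    return findings

if __name__ == "__main__":
    for finding in review_access(HR_RECORDS, ENTITLEMENTS, ROLE_PROFILES, date(2024, 6, 3)):
        print(finding)
```
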



