Joiner Mover Leaver Controls: The IT Governance Gap That Creates Hidden Risk


Published on January 15, 2026


Most small businesses believe their biggest IT risk comes from outside attackers. In reality, though, many of the most damaging incidents start internally, without bad intent, because access was never properly removed or adjusted.

A former employee still has access to email.
A manager changed roles but kept admin permissions.
A contractor account or access was never disabled.

These situations exist because Joiner Mover Leaver controls were never defined, or properly managed.

Joiner Mover Leaver governance is not about red tape. It is about closing gaps that quietly accumulate as a business grows. Properly managed, JML governance is a quick checkmark that keeps a tight lid on the risk associated with promotions, job changes, dismissals, and collaboration across the organization (and with outside staff).

What Joiner Mover Leaver Actually Means

Joiner Mover Leaver, often shortened to JML, refers, simply, to how access is handled when someone:

  • Joins the organization
  • Moves to a new role
  • Leaves the organization

Each of these three moments introduces risk if access is not reviewed deliberately.

When we take over an account we usually find that JML has been handled informally through emails, hallway conversations, or assumptions that someone else took care of it. That approach works until it does not. We suggest keeping a documented record of the access granted to staff (permanent and temporary) at specific points in their employment with your organization.

Why JML Breaks Down in Growing Businesses

JML failures are rarely caused by negligence. They happen because roles evolve faster than documentation. Managers may approve access verbally without informing IT or HR, and neither group is aware of where its responsibilities overlap.

At Fidalia Networks, JML gaps are one of the most common issues we find in organizations with messy IT environments.

The business simply assumes access is managed. In fact, one of the quickest ways to tell whether JML is an issue for your organization is to run an audit of your Microsoft Office 365 environment. This one-hour audit reveals the whitelists, out-dated rules and passwords that currently pose a risk to your organization. We run these audits annually for most of our clients and find that even after only 12 months, the rationale for granted permissions is vague or non-existent.

What Goes Wrong Without JML Controls

When Joiner Mover Leaver governance is missing, four predictable problems appear. We see them regularly when first taking over an account from either an in-house IT team member or another IT firm:

1. Orphaned Accounts

Users who no longer work at the company still have access to systems, email, or cloud platforms. This happens more than anyone suspects. Managers who aren’t IT people assume that the user’s credentials follow them to the door. The truth is that email addresses and passwords are too often unchanged – especially when someone transfers to another office or department. Who manages department changes in your organization? If it’s not clear, you can expect to have orphaned accounts somewhere.

2. Privilege Accumulation

Employees who move roles keep old permissions while gaining new ones, creating unnecessary admin access. Fast-moving businesses – especially those that are growing – need to implement rigour early and enforce it continually.

3. Incident Confusion

During security events, teams do not know which accounts are valid and which should be disabled immediately. We have, thankfully, only had to deal with this issue a few times. JML governance isn’t water-cooler conversation, so we see it neglected pretty much everywhere. Quietly fixing the issues (closing the gaps) is usually straightforward. But if a security event were to hit, an unmanaged access plane can be a significantly difficult hole to plug.

4. Compliance and Insurance Exposure

Cyber insurers increasingly ask how access is removed when employees leave. Weak answers increase risk ratings. If you’re looking to get insurance for your business – having a tightly documented JML control process will signal to your insurer that you’ve got your finger on the pulse of your organizational risk.

JML failures rarely cause instant outages, but they do increase blast radius.

The Joiner Mover Leaver Register That Fixes This

The Joiner Mover Leaver sheet in the IT Governance Workbook exists to make access changes intentional and visible.

It focuses on decisions, not tools.

Event Type   Required Action                 Owner
Joiner       Grant minimum required access   Manager
Mover        Review and remove old access    Manager and IT
Leaver       Disable and remove all access   IT and Operations

This table clarifies responsibility at the moment risk changes.

The purpose is not to slow onboarding.
The purpose is to prevent access from silently persisting forever.
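As an added example (not part of this post or Fidalia’s workbook), the following Python reconciles a constructed access register against a constructed HR roster and reports the orphaned, stale-role and expired grants that the problems above describe, tagging each with the owner from the register table. The people, systems and record layout are assumptions; the expired-temporary-access row is mapped to the Leaver owner, which the table does not state.

```python
from datetime import date

# Owner per removal event, from the JML register table above (Joiner grants access, so no row).
OWNER = {"mover": "Manager and IT", "leaver": "IT and Operations"}

# Constructed sample data; people and systems are hypothetical. HR roster: current
# status and role per person (leavers keep their last role).
ROSTER = {
    "alice": {"status": "active", "role": "finance-manager"},
    "bob":   {"status": "active", "role": "sales-lead"},  # moved here from helpdesk
    "carol": {"status": "left",   "role": "ops"},
    "dave":  {"status": "active", "role": "contractor"},
}

# Access register: each grant records the role it was given for and an optional
# expiry date for temporary access, so a later review can tell why it exists.
REGISTER = [
    {"user": "alice", "system": "finance-app",       "role": "finance-manager", "expires": None},
    {"user": "bob",   "system": "m365-global-admin", "role": "helpdesk",        "expires": None},
    {"user": "bob",   "system": "crm",               "role": "sales-lead",      "expires": None},
    {"user": "carol", "system": "email",             "role": "ops",             "expires": None},
    {"user": "dave",  "system": "vpn",               "role": "contractor",      "expires": date(2025, 12, 31)},
    {"user": "erin",  "system": "file-share",        "role": "unknown",         "expires": None},
]

def review_register(roster, register, today):
    """Reconcile the register against the roster; returns sorted (finding, user, system, owner):
      orphaned   - holder has left or is not on the roster (leaver control failed)
      stale-role - granted for a role the person no longer holds (privilege accumulation)
      expired    - temporary access past its agreed end date (assumed a leaver action)
    """
    findings = []
    for g in register:
        person = roster.get(g["user"])
        if person is None or person["status"] == "left":
            findings.append(("orphaned", g["user"], g["system"], OWNER["leaver"]))
        elif g["role"] != person["role"]:
            findings.append(("stale-role", g["user"], g["system"], OWNER["mover"]))
        if g["expires"] is not None and g["expires"] < today:
            findings.append(("expired", g["user"], g["system"], OWNER["leaver"]))
    return sorted(findings)

def review_sample():
    """Run the review over the constructed data as of this post's publication date."""
    return review_register(ROSTER, REGISTER, date(2026, 1, 15))

if __name__ == "__main__":
    for finding in review_sample():
        print("%-10s %-6s %-18s -> %s" % finding)
```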

Why Onboarding Alone Is Not Enough

Most businesses focus heavily on onboarding new staff. They create accounts, assign licenses, and move on. Maybe the employee is lucky enough to get a small party thrown for them.

The real risk appears later:

  • When roles change – cross-departmental moving
  • When responsibilities expand – simple promotions
  • When someone exits unexpectedly – leaves are generally more confusing than dismissals

Without a mover and leaver process, access only ever grows. This point bears repeating: without a clear mandate to clean up or trim access at milestones such as when employees move or leave, access only continues to grow. As access grows, so too do your threat plane and your blast radius.

This is how organizations end up with:

  • Shared passwords
  • Lingering admin rights
  • Vendor access that never expires

JML Governance During Security Incidents

During a cyber incident, Joiner Mover Leaver clarity becomes critical.

Someone must decide:

  • Which accounts are still valid
  • Which accounts should be locked immediately
  • Whether departed users still have active sessions
  • Whether credentials must be rotated

If this information is not already documented, response slows dramatically. This is why JML governance directly supports incident response, disaster recovery, and operational resilience. If you’re having trouble meeting your RTO, it’s usually not because of the hardware stack powering your DR efforts. More often it’s because, somewhere, credentials are shared or sessions aren’t properly terminated.

You can see how this governance layer supports Fidalia’s service delivery here:
https://fidalia.com/it-services

And how it fits into the broader IT governance framework here:
https://www.fidalia.com/it-governance

Who Owns Joiner Mover Leaver Decisions

In small businesses, JML ownership usually involves:

  • Direct managers
  • Operations leadership
  • HR or finance leadership
  • IT or external IT partners

The critical requirement is that ownership is made explicit. When everyone assumes someone else handled access changes, no one actually does. That’s when your cybersecurity posture gets so far out of whack that you need to hire us to bring it all back together.

This Is Practical Governance, Not Bureaucracy

We’ve done our best to create a JML governance template that simplifies collecting and maintaining a record of access. It is one of the few areas of IT that needs very little governance machinery. If an organization sets its JML processes and abides by them, there shouldn’t be any need for complex identity management platforms, approval chains or dedicated security teams.

At its heart, JML requires:

  • Clear triggers
  • Defined responsibility
  • Consistent follow-through

If you cannot confidently say that access is removed when people leave, you are carrying unnecessary risk. If your business has grown and roles have changed over time, Joiner Mover Leaver gaps almost certainly exist.

Download Fidalia’s IT Governance Workbook and document access changes before they turn into a security or insurance problem.

Access the workbook here:
https://www.fidalia.com/it-governance

Frequently Asked Questions

What are Joiner Mover Leaver controls?
They define how access is granted, changed, and removed when people join, change roles, or leave a business.

Why are leaver controls so important?
Former employees and contractors pose high risk if access is not fully removed after departure.

Can Fidalia help implement JML governance?
Yes. Fidalia helps Ontario businesses document and operationalize Joiner Mover Leaver controls as part of a broader IT governance program.