T 2.21 Inadequate organisation of the exchange of users

In the case that several users work on one IT system at different times, an exchange of users is inevitable. If this is not adequately organised and administered, it may not fulfil security requirements. This can be open to abuse if:

• current applications are not closed correctly,
• current data are not saved,
• data remain in the main storage or in temporary files,
• the previous user does not log off from the IT system, and
• the new user does not correctly log on to the IT system.