Control 3.6: Orphaned Agent Detection and Remediation - Verification & Testing
This playbook provides verification and testing procedures for Control 3.6.
Verification Steps
1. Detection Accuracy
- Run orphan detection script
- Manually verify flagged agents are truly orphaned
- Confirm no false positives in results
2. Remediation Workflow
- Test reassignment process
- Verify archive functionality
- Confirm approval routing works
3. SLA Monitoring
- Create test orphan entry
- Verify SLA timers activate
- Confirm escalation at breach
Compliance Checklist
| Item | Required For | Status |
|---|---|---|
| Weekly orphan detection | Governance hygiene | |
| Remediation SLAs defined | Operational efficiency | |
| Approval workflow for deletion | Risk management | |
| Orphan report archiving | Audit evidence | |
| Owner succession planning | Business continuity |
Test Cases
Test Case 1: Departed Owner Detection
Objective: Verify detection when owner leaves organization
Steps:
- Identify agent owned by disabled user
- Run orphan detection
- Verify agent flagged with "Owner Departed"
Expected Result: Agent correctly identified as orphan
Test Case 2: Reassignment Process
Objective: Verify ownership transfer works
Steps:
- Select orphaned agent
- Execute reassignment to new owner
- Verify new owner has full access
- Confirm metadata updated
Expected Result: Ownership successfully transferred
Test Case 3: Archive and Delete
Objective: Verify secure agent removal
Steps:
- Archive an orphaned agent
- Verify agent is disabled
- After retention period, execute deletion
- Confirm complete removal
Expected Result: Agent properly archived then deleted
Evidence Collection
For audits, collect:
- Weekly orphan detection reports
- Remediation action logs
- Approval records for deletions
- SLA compliance metrics
Next Steps
- Portal Walkthrough - Manual configuration
- PowerShell Setup - Automation scripts
- Troubleshooting - Common issues
Updated: January 2026 | Version: v1.2