Because the organisation generated every credential through MyCena, the organisation holds a complete record of every credential issued, to every user, for every system. When someone leaves, an authorised admin issues a single revocation command. MyCena revokes every credential for that user across every system simultaneously — within seconds.

This is not a checklist. It is not a process that depends on IT knowing which systems the person accessed. The access map is maintained automatically as credentials are issued. Nothing is missed because nothing was ever outside MyCena's visibility.

The revocation event is logged automatically with a timestamp and the identity of the authorising user. That log is immediately available for regulatory submissions, client audits, and insurance evidence. The entire process — from departure confirmed to full revocation with timestamped proof — takes under ten seconds.