
Orphan Account


An orphan account is a user account that remains active but is no longer assigned to any current person in the organization. Common causes include incomplete offboarding, department changes without account cleanup, or test accounts left active after a project ends. Orphan accounts pose a significant security risk because attackers can take them over without being noticed. Regular access reviews (ISO 27001 Annex A.5.18) help you detect orphan accounts. Automate the reconciliation between your HR system and identity provider so that accounts are automatically deactivated when someone leaves.
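The reconciliation described above can be sketched as follows. This is an added example, not code from the original page; the record layout (`employee_id`, `status`, `last_day`, `owner_id`, `enabled`) and all sample data are assumptions, and a real job would read the HR export and the identity provider's user listing instead.

```python
from datetime import date

# Constructed sample data (assumption): stands in for an HR system export
# and an identity provider user listing.
HR_ROSTER = [
    {"employee_id": "E100", "status": "active", "last_day": None},
    {"employee_id": "E101", "status": "terminated", "last_day": date(2024, 3, 29)},
    {"employee_id": "E102", "status": "active", "last_day": None},
]
IDP_ACCOUNTS = [
    {"username": "a.meyer", "owner_id": "E100", "enabled": True},
    {"username": "b.schulz", "owner_id": "E101", "enabled": True},      # incomplete offboarding
    {"username": "test-migration", "owner_id": None, "enabled": True},  # leftover test account
    {"username": "c.old", "owner_id": "E099", "enabled": True},         # owner unknown to HR
    {"username": "d.gone", "owner_id": "E101", "enabled": False},       # already deactivated
    {"username": "svc-backup", "owner_id": "E102", "enabled": True},    # owned by current staff
]


def find_orphans(hr_roster, idp_accounts, today):
    """Return (username, reason) for every enabled account without a current owner."""
    hr_by_id = {p["employee_id"]: p for p in hr_roster}
    orphans = []
    for acct in idp_accounts:
        if not acct["enabled"]:
            continue  # disabled accounts are no longer active
        owner_id = acct["owner_id"]
        if owner_id is None:
            orphans.append((acct["username"], "no owner assigned"))
            continue
        person = hr_by_id.get(owner_id)
        if person is None:
            orphans.append((acct["username"], "owner not in HR roster"))
        elif person["status"] != "active" or (person["last_day"] and person["last_day"] < today):
            orphans.append((acct["username"], "owner has left"))
    return orphans


def deactivation_plan(orphans):
    """Usernames to disable, sorted so the review list is stable between runs."""
    return sorted(username for username, _ in orphans)


if __name__ == "__main__":
    for username, reason in find_orphans(HR_ROSTER, IDP_ACCOUNTS, date(2024, 4, 15)):
        print(f"{username}: {reason}")
```

Accounts with no owner or an unknown owner are listed with their own reason, so they can go to a reviewer rather than being disabled blindly.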