Which statement is correct about deactivating a staff account after they leave?

When a staff member leaves, the essential step is to revoke their access through the proper security channels to protect data and keep systems secure. The best approach is to contact the HMIS Team to deactivate the account because they manage user permissions and maintain an auditable record of access changes. This ensures the deactivation is carried out consistently across all parts of the system, without relying on the departing user, and it helps address any associated tasks, data ownership, or API connections tied to that account. Self-deactivation by the staff member isn’t reliable once they’ve left and can bypass official security controls. Deleting the account might seem tidy, but it can erase important historical activity and complicate audits and reporting. Delaying the deactivation keeps access active longer than it should, creating a security risk.