During an audit of the company's security governance, it is noted that there is no formal process for adding and removing user access when employees join or leave the company. As a security professional, which of the following would BEST address this deficiency?
Implement a Written Consent Framework for access to sensitive information.
Enforce multi-factor authentication (MFA) for all users.
Implement an Onboarding/Offboarding procedure.
Revise the User Access Policy.