In case of termination of employment, the following should be observed:
Before termination of employment, the designated successor of the individual concerned must be given a briefing on the tasks.
All documents, issued keys, borrowed IT equipment (e.g. laptops, data media, documentation) must be recovered. In particular, agency/company passes are to be retrieved from the staff member terminating his/her employment.
All entry and access rights held by the departing staff member must be revoked or deleted. This also includes external access authorisations via data communication equipment. If, in exceptional cases, several persons shared one access right to an IT system (e.g. by using a common password), the access rights must be altered upon termination of employment by one of those individuals.
If the departing staff member was assigned functions under a contingency plan, the latter must be up-dated.
All persons entrusted with security tasks, especially entrance control staff, must be informed about any such changes.
Individuals no longer employed with the agency/company must be denied uncontrolled access to the agency/company premises, especially entry into rooms housing IT systems.
Optionally, all entry and access rights regarding IT systems may be revoked even in the period from giving notice of termination and actual termination of employment, and in addition, the individual concerned may be prohibited from entering protected rooms.
In this respect, a useful means are inter-office slips laying down the various steps to be taken by a staff member before leaving the agency/company.
Additional controls:
Are regular provisions applied in case of termination of employment?
How are the relevant bodies informed of the termination of service by a staff member?
Are there any former staff members who still hold previously issued passes?
How is it ensured that all entry and access rights of a staff member terminating his/her employment are revoked and deleted?
