Re: Handling Sysads resignation/termination

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Thu Aug 04 2005 - 02:49:12 EDT


>2) It is important to get a signature on a document that acknowledges
>that the person has not taken any steps to alter systems, data, etc.
>This cuts to the heart of intent if there is a problem alter on. In
>response to Susan Bradleys point, this is why signing the document is
>usually tied to any severence package being offered.

No, it's not. I don't want to sound too harsh here, but this is not good
advise... Well, to be more specific, it is not good "legal" advise.
Requiring someone to sign a document in order to receive severance benefits
could easily constitutes a state of duress (as I already said in my first
email.) It doesn't cut to the heart of intent at all, it cuts to the heart
of "I signed what they forced me to sign so that I would get my last check
so that I could feed my family." Additionally, in some states (note that
this perspective is from a US mentality) signing a document exacting
performance (regardless of direction) in exchange for benefits could
actually be considered an employment contract, thus giving the
to-be-terminated employee more rights to employment benefits than originally
offered -- even in "at will employment" states according to citations of
specific case law I've read regarding the matter.

But of course, you need to check with your lawyer on this point. I don't
take technology advise from my lawyer, and I would suggest to readers of
this post that they don't take legal advise from technologists either.

>3) The document should also address any intellectual property and
>non-compete issues. Even if the person has not done any tampering they
>still have a lot of information sitting in their head. This might be
>useful to a competitor or simply harmful to the company if released
>into the wild.

That *must* be addressed at employment. NDA's and NC's need to be signed
coming into employment, not leaving it. But again, check with your lawyer
on that.

>This process does not have to be done in a heavy handed way but should
>be done in a way that makes it clear that the company is paying
>attention.

Making someone sign something to get their final check *IS* heavy handed, no
matter how nice you try to make it. Addressing aspects of system state and
security is something you build into the employment policy (not contract,
unless you really want a contract) when people get hired, not when they are
terminated or willfully leave employment.

t

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:41 EDT