Primary Objective: “To protect the organisation’s interest as part of the process of changing or terminating employment.”
After the employee has decided to leave the organisation, it becomes imperative that employee termination or change should be done in an orderly manner. Written termination policies should be established to provide defined steps for employee separation. It is essential that systems should be structured to provide adequate protection for the organisation 's assets and data.
Termination practices should address voluntary and involuntary (e.g., immediate) terminations. In certain situations, such as automatic terminations under adverse conditions, an organisation should have defined and documented procedures for escorting the terminated employee from the premises.
To prevent unauthorised access to sensitive information, access must be revoked immediately upon termination/separation of an employee with access to such information. This also includes the return of any assets of the organisation that was held by the employee.
The organisation must implement and maintain a procedure or set of processes to efficiently manage departing employees or the withdrawal of assigned responsibilities for employees, contractors and other third-party users. The organisation should ensure that critical knowledge or operational skills have been transferred to other resources before departure of the employee and contractor.
All employees should return all of the organisation’s assets in their possession upon termination of the employment. Such procedures shall include a provision for the secure erasure of all Official Information that is stored on the personal device
. Another important aspect that an organisation has to ensure is the access rights to information and information systems should be removed upon termination of the employment. The organisation must have a have an established and logged procedure for the withdrawal and modification of access rights for departing employees.