COMPLIANCE COUNSELOR
Termination procedures and the exit interview
James Michael Stewart
09.24.2002
Rating: -4.04- (out of 5)
|
Terminating an employee is never a joyous experience for the organization or the recipient of the pink slip. However, terminations are a fact of doing business. In light of today's security-conscious business environment, planning ahead on how to manage terminations can improve the security of your organization.
If security is of any importance to your organization at all, you should have a security policy. An important element in a security policy is the termination procedure. Termination procedures provide guidelines and a script of sorts to follow when an employee must be released. The procedures focus on making the firing processes as incident-free as possible and ensuring the ongoing security of the organization.
When developing your own termination procedure, keep the following key points in mind:
An exit interview is basically a review of the employee agreement and the non-disclosure agreement (NDA) the employee signed upon starting his job. It is important to remind terminated employees that they are legally restricted from discussing the security policy, security mechanisms and confidential data with anyone.
Most of the elements of the termination process and the exit interview are a matter of personnel administration rather than technical administration. But, don't forget there are several import technical elements
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
to address when an employee is terminated. First, what happens to their data? In many cases, you'll need to provide a copy of personal data (such as e-mail, documents, etc.) to the exiting employee. After the personal data is collected, it should be inspected and reviewed before being sent out. Once the data set is cleansed of all confidential data, it could be burned onto CD-Rs for ease of transference.
Also, what about their user account? In most cases, you'll want to simply disable the account rather than delete it. First, if the account is deleted, it will be removed from the accounts database and therefore performing security audits against the account will be impossible. Also, if you replace the employee or some other worker needs similar access privileges, it is easier to make a copy of an existing user account than create one from scratch and manually re-assign all access privileges.
Without a defined termination procedure, the act of firing an employee can result in numerous security oversights that can easily be exploited. Hopefully your organization will never experience retaliatory attacks from a terminated employee. But it is in the best interest of your organization to plan ahead and implement preventative safeguards.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
