15. Staff Exit Strategy
Employees leaving an organisation take considerable knowledge about operations, assets and security vulnerabilities with them. This knowledge can present a risk to your organisation, particularly as the circumstances surrounding an employee’s departure are not always amicable.
A formal and thorough procedure for all staff departures will ensure appropriate actions are taken to protect the organisation, without unduly disrupting the employer-employee relationship.
You need to know:
- Is there an employee exit policy or strategy in place?
- Who is responsible for ensuring the policy takes effect or is triggered when staff leave the organisation?
- Does your staff exit strategy cover physical (building access), cyber (IT password deletion) and personnel (files and assets returned) security issues?
CPNI guidance is available on how to develop and implement a staff exit strategy:
- Personnel Security In Hindsight - video on CPNI’s YouTube channel (and available on DVD) that covers staff exit procedures
- Ongoing personnel security - good practice guidance that also covers exit