
Responsibilities After Termination or Change of Employment

Updated: 2026-02-17

Plain English Translation

ISO 27001 Annex A.6.5 requires that an individual's information security responsibilities do not simply end when they leave the organization or change roles. WatchDog Security must define, enforce, and communicate post-employment duties—such as returning company hardware, revoking system access, and maintaining ongoing confidentiality—to ensure sensitive information remains protected long after a departure or transfer.

Executive Takeaway

Formal offboarding and access revocation procedures ensure that departing personnel cannot access company systems and remain legally bound to protect sensitive data.

Impact: High
Complexity: Medium

Why This Matters

  • Prevents data breaches and insider threats from disgruntled former employees retaining active accounts or unauthorized access.
  • Ensures compliance with legal and contractual obligations requiring the timely return, transfer, or destruction of proprietary company assets.

What “Good” Looks Like

  • An automated or strictly managed IT offboarding checklist guarantees all logical and physical access is completely revoked on the employee's departure date. In practice, tools like WatchDog Security's Compliance Center can track checklist completion and retain the supporting access revocation logs as audit evidence.
  • Exit interviews explicitly remind departing personnel of their ongoing non-disclosure and confidentiality obligations. Tools like WatchDog Security's Policy Management can store the relevant policies/NDAs and capture acknowledgment that these obligations were communicated.

Annex A.6.5 is a people control requiring organizations to formally define, enforce, and communicate the information security responsibilities and duties that remain valid after an employee or contractor is terminated or changes roles.

Key responsibilities include maintaining the confidentiality of intellectual property and personal data, returning all physical assets, and adhering to the terms of any signed non-disclosure agreements (NDAs).

Access should be revoked by immediately disabling the user's central identity (e.g., Active Directory or SSO) and triggering an access deprovisioning process that removes permissions across all connected systems and physical facilities.

An IT offboarding checklist should include steps for disabling network access, revoking SSO credentials, retrieving hardware (laptops, badges), wiping remote data, and transferring ownership of critical files. WatchDog Security's Asset Inventory can help confirm which devices, SaaS accounts, and identities are associated with the person so the checklist covers everything that must be recovered or reassigned.

Offboarding evidence for ISO 27001 audit purposes typically includes a completed employee termination security checklist, system access logs verifying prompt account deactivation, and exit interview records acknowledging post-employment duties. WatchDog Security's Compliance Center can centralize these artifacts under the control so auditors can review a complete evidence trail by person and date.

These obligations are formally communicated through a post-employment confidentiality obligations policy referenced in the individual's initial contract and reiterated via an exit interview or a formal termination letter from HR.

The contractor offboarding process should mirror the employee process, ensuring all access is strictly revoked on the contract end date and any proprietary data is securely returned or destroyed.

Enforce a return-of-company-assets checklist that requires IT sign-off before final clearance, and use Mobile Device Management (MDM) tools to remotely lock or wipe devices that are not returned promptly. WatchDog Security's Asset Inventory can record assigned endpoints and key SaaS access so IT can verify that returns, removals, and ownership transfers were completed before final clearance.

Termination involves a complete access deprovisioning process and asset return, whereas a role change requires a role change access review checklist to remove access specific to the old job while granting access for the new one to prevent privilege creep.
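As an added illustration (not WatchDog Security's code or tooling), the following Python checks the two situations described above: it flags accounts tied to a departing person that were not disabled by the departure date, lists assets not returned, and for a role change computes which old-role entitlements to remove, which new-role entitlements to grant, and which held entitlements belong to neither role (privilege creep). All system names, account ids, asset ids and entitlement names are constructed placeholders.

```python
from datetime import date

# Constructed sample data (placeholders, not real records): the identity mapping
# for one departing person across connected systems, with the date each account
# was disabled as an offboarding checklist or access revocation log would record.
DEPARTURE = date(2026, 2, 17)
ACCOUNTS = [
    {"system": "Active Directory", "account": "jdoe", "disabled_on": date(2026, 2, 17)},
    {"system": "SSO", "account": "jdoe@example.test", "disabled_on": date(2026, 2, 17)},
    {"system": "SaaS CRM", "account": "jdoe@example.test", "disabled_on": None},  # never revoked
    {"system": "Badge system", "account": "BADGE-0042", "disabled_on": date(2026, 2, 19)},  # late
]
ASSETS = [
    {"asset": "laptop LT-1234", "returned": True},
    {"asset": "badge BADGE-0042", "returned": False},
]


def lingering_access(accounts, departure):
    """Accounts still active, or revoked only after the departure date."""
    return [a for a in accounts
            if a["disabled_on"] is None or a["disabled_on"] > departure]


def outstanding_assets(assets):
    """Asset ids that IT has not yet confirmed as returned."""
    return [a["asset"] for a in assets if not a["returned"]]


def offboarding_cleared(accounts, assets, departure):
    """Final clearance requires no lingering access and no outstanding assets."""
    return not lingering_access(accounts, departure) and not outstanding_assets(assets)


def role_change_review(old_role, new_role, current):
    """Role change review: entitlements to remove (old role only), to grant
    (new role not yet held), and privilege creep (held but in neither role)."""
    return {
        "remove": sorted((old_role - new_role) & current),
        "grant": sorted(new_role - current),
        "creep": sorted(current - old_role - new_role),
    }


if __name__ == "__main__":
    for a in lingering_access(ACCOUNTS, DEPARTURE):
        print(f"LINGERING: {a['system']} {a['account']} disabled_on={a['disabled_on']}")
    print("Outstanding assets:", outstanding_assets(ASSETS))
    print("Cleared:", offboarding_cleared(ACCOUNTS, ASSETS, DEPARTURE))
```

The evidence an auditor wants is the per-person, per-date output of these checks; in practice the account list would be pulled from the identity mapping rather than hard-coded.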

Offboarding records and logs should generally be retained for at least the length of the audit cycle (e.g., 1 to 3 years), or as specifically dictated by the organization's legal and regulatory retention requirements.

Offboarding proof is often scattered across HR documents, IT tickets, and system logs, which makes audits slow and error-prone. WatchDog Security's Compliance Center helps by mapping the control to required evidence, tracking completion, and centralizing artifacts like checklists, access revocation logs, and exit attestations in one audit-ready record.

Missed SaaS accounts and devices are common when teams rely on tribal knowledge or incomplete lists, leaving lingering access and ownership gaps. WatchDog Security's Asset Inventory & SaaS Security Posture Management (SSPM) helps by maintaining a SaaS inventory and identity mapping so you can validate which apps, accounts, and assigned assets are tied to the departing person and ensure they are deprovisioned or reassigned.

ISO-27001 A.6.5

"Information security responsibilities and duties that remain valid after termination or change of employment shall be defined, enforced and communicated to relevant personnel and other interested parties."

Version  Date        Author                      Description
1.0.0    2026-02-17  WatchDog Security GRC Team  Initial publication