Return of Assets
Plain English Translation
ISO 27001 Annex A.5.11 requires that when an employee or contractor leaves the organization or changes roles, they must return all organizational assets in their possession. This includes physical hardware like laptops and keys, as well as digital assets like data files and access tokens. This control prevents unauthorized access and data leakage by ensuring that company property is recovered and accounted for immediately upon termination.
Technical Implementation
Use the tabs below to select your organization size.
Required Actions (startup)
- Use a manual offboarding checklist to collect laptops and keys
- Manually revoke access to email and cloud accounts
Required Actions (scaleup)
- Integrate asset return tracking with the HRIS system
- Implement remote wipe capabilities for unreturned mobile devices
Required Actions (enterprise)
- Automate the revocation of digital certificates and access tokens upon termination
- Establish legal workflows for recovering unreturned assets
It is an organizational control requiring the return of all assets upon employment change or termination, crucial for preventing data leaks and unauthorized access by former staff.
Compliance is ensured by implementing a mandatory offboarding process that includes an asset return checklist and cross-referencing returns against the asset inventory. WatchDog Security's Asset Inventory can help keep that inventory current across devices and SaaS so the checklist starts from an accurate list of assigned assets.
It covers physical assets (laptops, phones, keys), information assets (files, documents), and software assets (licenses, access tokens).
The return process should be initiated immediately upon notice of termination and completed on or before the employee's last working day.
Create a standardized offboarding checklist, assign clear responsibilities to HR and IT, and ensure the asset inventory is accurate to know exactly what needs to be returned.
Auditors look for completed offboarding checklists, signed asset return forms, and updated asset inventories showing the status change of returned items.
By ensuring the physical return of devices and the revocation of digital access, the control prevents departing employees from retaining or leaking sensitive data and intellectual property.
Risks include theft of hardware, unauthorized access to systems using unreturned credentials, and data breaches resulting from retained confidential information.
Returned digital storage media should be securely wiped or destroyed in accordance with the Media and Device Disposal policy (A.7.14) before reissue or disposal.
Best practices include conducting exit interviews to remind staff of confidentiality obligations, using automated tools to lock devices remotely, and maintaining a detailed log of all returned items.
A.5.11 is hard to execute reliably when you don't have a trustworthy list of what a person actually has—laptops, SaaS access, cloud resources, and identity-linked assets can drift over time. WatchDog Security's Asset Inventory helps by maintaining an up-to-date view of assigned and identity-mapped assets, making it easier for HR and IT to verify what must be returned or reclaimed before the departure is closed.
Auditors usually want proof that offboarding was performed consistently, not just that a policy exists—completed checklists, return confirmations, and inventory status changes are common evidence requests. WatchDog Security's Compliance Center can help track A.5.11 as a control with linked tasks and evidence items (for example, completed offboarding artifacts and inventory updates), making the audit trail easier to assemble and review.
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-17 | WatchDog Security GRC Team | Initial publication |
