Key Elements of an Employee Separation Policy

writing-828911_1920

Whether the separation is amicable, hostile, or indifferent, letting an employee go is never an easy process—as the COO of our outsourced IT firm, I know this all too well.
 
Besides any emotional burden, there is also a lot for the employer to take care of on the tactical side to make sure that the split is smooth and safe. Part of this is having a proper employee separation policy in place that prevents any (now former) employee from tampering with your company data—whether their intentions are malicious or not.
 
Obviously, no two separations are going to be the same, and different circumstances will require different measures as far as the actual execution goes.
 
However, there are some standard elements to consider when it comes to crafting a successful employee separation policy, along with some best practices that we’ve learned over our 24 years in the industry. We’ll take some time to work through those below.
 

Considerations that will shape the nature of your separation

Before it is time to let one of your employees go, take these elements into consideration:

1. Is the separation voluntary or involuntary? This factor will have the most bearing on the nature of your separation. Involuntary separations will require a lot more up-front planning to guarantee a seamless transition. Even voluntary separations, though, should not be discounted, since you don’t ever truly know someone’s motivation for leaving.

2. What is the person’s system access level? Is this a receptionist, who has basic access to your client data but not to any financials or Personally Identifiable Information (PII)? Or is this your IT person, who has total access to each and every element of your system, and could potentially take your entire operation down if they became disgruntled? The more access they have, the more critical it is that you disable said access in a very precise and methodical manner.

3. Who is going to be responsible for this person’s duties once they are gone? Have you identified someone to pick up where this employee leaves off? This means hiring a suitable replacement to take over as (or, ideally, before) the employee leaves, or identifying someone to assume their duties while you work through your hiring process. This will determine which access points you need to shut off, and which you need to transfer.

 

Key elements of an employee separation policy

When the time comes for the actual separation, your policy should force you to address the following elements:

  • Equipment. Take stock of all of the employee’s physical access points, including their desktop, laptop, mobile device, or otherwise. Identify who will collect these assets once it’s time to let the employee go.
  • Network Access. Identify each entryway into your corporate data, including all applications. Identify who will shut off access to each of these entryways. This will be someone in your IT team, whether it’s in-house or outsourced.
  • Timing. Set a specific date and time when you will communicate the separation with the employee, or when the separation will take effect. Coordinate with your IT resource to disable all network access at this specific time.
  • Enforcement. Do not let the employee access any company equipment for any reason following their separation. Have them hand over all mobile devices as-is to the identified person. No exceptions.
  • Transition. Communicate the separation with the rest of your staff, and direct them to the person who will be assuming those job duties going forward.

 
If the employee in question was in your IT department, there are going to be several extra steps to take here. You’ll need to force password changes on your entire organization. You’ll need to change all administrative passwords. You’ll need to have your replacement comb through your Active Directory to verify that all accounts that are set up and active are valid and in use, and you’ll need to disable any accounts that aren’t. Leave no stone unturned, since you can guarantee that your IT person has already looked underneath them.
 
Of course, best practice dictates that you work through this plan with your HR and legal resources in addition to your IT team. From a technical perspective, however, the primary objective of your separation policy is to protect your company data, and to prevent any tampering of any sort.
 
Above all else, planning is your best defense here. While you can’t always anticipate someone leaving, you can establish a solid policy that allows you to quickly and confidently adapt to changing situations.
 
From there, you’re on the right path to smooth, secure transitions from one employee to the next.

Have you lost confidence in your outsourced IT team? Looking for an objective,  large-scale assessment of where your network and its support stands? Let us  know--we can help.