Page 151 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 151
situation in which the employee could cause harm, putting the
organization at risk. That’s why you need a well-designed exit
interview process.
However, just having the process isn’t enough. It has to be followed
correctly every time. Unfortunately, this doesn’t always happen.
You might have heard of some fiasco caused by a botched
termination procedure. Common examples include performing any
of the following before the employee is officially informed of their
termination (thus giving the employee prior warning of their
termination):
The information technology (IT) department requesting the
return of a notebook computer
Disabling a network account
Blocking a person’s personal identification number (PIN) or
smartcard for building entrance
Revoking a parking pass
Distributing a company reorganization chart
Positioning a new employee in the cubicle
Allowing layoff information to be leaked to the media
It should go without saying that in order for the exit interview and
safe termination processes to function properly, they must be
implemented in the correct order and at the correct time (that is, at
the start of the exit interview), as in the following example:
Inform the person that they are relieved of their job.
Request the return of all access badges, keys, and company
equipment.
Disable the person’s electronic access to all aspects of the
organization.
Remind the person about the NDA obligations.
Escort the person off the premises.
