4.8 Offboarding, Access Control, and Knowledge Transfer
An employee’s departure is not merely an HR administrative task; it is a critical security event and a major operational risk point. A sloppy exit sequence leaves two dangerous vectors open: one for data leakage (Active IP theft) and one for systemic operational failure (Lost tribal knowledge).
This chapter defines the protocol for “Closing the Loop.” The sole objective of offboarding is to neutralize institutional risk and permanently preserve corporate memory. Offboarding must be treated with the identical rigor and checklist discipline applied to onboarding. All access rights must be revoked, and every critical piece of undocumented knowledge must be documented into the core system before the employee exits the building.
The Security Protocol (The Kill Switch)
Section titled “The Security Protocol (The Kill Switch)”When an employee leaves the company—whether through voluntary resignation or involuntary termination—the highest priority is System Integrity. Access revocation is an immediate, standard process.
The “Revoke First” Rule
Section titled “The “Revoke First” Rule”- Involuntary Exit (Termination): IT and Facilities must execute access revocation simultaneously with the termination meeting.
- The Standard: The terminated employee returns to their desk to pack personal items only under direct management or security supervision. They do not log into the network “one last time.”
- Voluntary Exit (Resignation): Basic email access may remain active during the formal notice period for handover purposes, but all “Privileged Access” (Admin rights, Bank authorizations, ERP approvals, Code deployment permissions) is stripped when notice is given.
- The Logic: A resigning employee is a security risk. Core administrative rights are never left with personnel who are actively exiting the system.
The Immutable Audit Trail
Section titled “The Immutable Audit Trail”IT must generate and file a formal “Revocation Log” confirming that:
- The Email account is disabled (or forwarded to the Manager).
- VPN/SSO network access is terminated.
- All expensive SaaS licenses (Salesforce, Project management software, Altium, CAD) are reclaimed.
- The physical security badge is deactivated.
Knowledge Transfer (The Brain Dump)
Section titled “Knowledge Transfer (The Brain Dump)”Useless “Exit Interviews” prioritize feelings; “Handover Audits” prioritize facts. Operationally, the reason for departure is secondary to the capture of institutional knowledge.
The “Bus Factor” Mitigation
Section titled “The “Bus Factor” Mitigation”The ultimate engineering goal of a handover is ensuring that if the departing person were unavailable tomorrow, the company would continue operating without a single operational anomaly.
The Handover Artifact
Section titled “The Handover Artifact”The departing employee is required to produce a detailed Transfer Document (A fixed Confluence Page or properly structured Shared Folder) containing:
- Open Loops: A comprehensive list of all active projects, their exact current status, and the immediate next operational step.
- Key Contacts: A mapping of operational dependencies (Critical Suppliers, Key Client Stakeholders).
- The “Gotchas”: Undocumented, bizarre quirks of the physical or digital system. (e.g., “Server B requires a manual hard restart every Tuesday at 2 AM”).
- The File Map: Where exactly are the source files located? (Direct URL links to the master repo or shared drive are required; local desktop storage is invalid).
The Gatekeeper
Section titled “The Gatekeeper”The direct Manager must audit this Handover Artifact. When the handover is incomplete or lazy, the final clearance (and potentially any final discretionary bonus payouts) is withheld until it is fully rectified to the company standard.
Physical Asset Recovery
Section titled “Physical Asset Recovery”Hardware assets (Expensive Laptops, Oscilloscopes, Security Badges, Calibrated Tools) are company property. They must be recovered in functional condition.
- The Digital Wipe: All returned digital devices must be secure-erased by IT within 24 hours of return to prevent cross-contamination.
- The Inspection: Facilities/IT formally checks the hardware for physical damage.
- The Financial Hold: The replacement cost of unreturned or severely damaged equipment (beyond standard wear and tear) will be automatically deducted from the final financial settlement, wherever legally permitted.
Offboarding Checklists
Section titled “Offboarding Checklists”The exit process differs by role type to mitigate specific risks. The checklists below must be strictly followed.
Checklist A: Office / Hardware Engineering Roles (IP Focus)
Section titled “Checklist A: Office / Hardware Engineering Roles (IP Focus)”| Step | Required Action Item | The Owner | The Timing |
|---|---|---|---|
| 01 | Formal Resignation Acceptance Letter (Locking the Last Day). | The Manager | Day 0 |
| 02 | Instant Privileged Access Revocation (Admin/Finance limits). | IT | Day 0 |
| 03 | Comprehensive Handover Artifact Creation & Review. | The Employee | Week -1 |
| 04 | Client Notification Plan (Who officially tells the client?). | The Manager | Week -1 |
| 05 | Physical Asset Return (Laptop, Monitors, Specialized Peripherals). | IT | Last Day |
| 06 | Total Access Revocation (Email, Slack, VPN disabled). | IT | Last Hour |
Checklist B: Factory / SMT Ops Roles (Safety & Inventory Focus)
Section titled “Checklist B: Factory / SMT Ops Roles (Safety & Inventory Focus)”| Step | Required Action Item | The Owner | The Timing |
|---|---|---|---|
| 01 | Shift Coverage Plan (Who actually takes the line shift?). | Shift Lead | Day 0 |
| 02 | Tool Audit (Mandatory return of calibrated tools/keys). | Shift Lead | Week -1 |
| 03 | Physical PPE Return (Expensive ESD Smocks, Locker Keys). | Admin | Last Day |
| 04 | Security Badge Deactivation (No physical access point). | Security | Last Hour |
| 05 | WIP Handoff (Exact status check of current board batches). | Operator | Last Shift |
The “Boomerang” Policy
Section titled “The “Boomerang” Policy”While security is rigorously enforced, departing personnel are treated with professional dignity. The tech and manufacturing industries operate within finite networks. An A-Player exiting on excellent terms (A “Good Leaver”) remains a highly valuable potential future asset or customer.
- The Good Leaver: Resigned with proper formal notice, completed a handover artifact, actively trained their successor. -> System Status: “Eligible for Rehire.”
- The Bad Leaver: Ghosted the team, attempted sabotage, or refused a proper handover. -> System Status: “Do Not Rehire.”
Final Checkout: Offboarding, access control, and knowledge transfer
Section titled “Final Checkout: Offboarding, access control, and knowledge transfer”| The Control Point | The Operational Rule / Standard |
|---|---|
| Revocation Speed | Immediate for involuntary. The Last Hour for voluntary. |
| Knowledge Capture | A formal Written Artifact is mandatory. Zero tolerance for purely verbal handovers. |
| Privileged Access | Revoke all Admin/Financial rights the very second a resignation notice is submitted. |
| Asset Verification | Verify all expensive tools/laptops against the master inventory log before the employee exits. |
| Client Comms | The Manager controls the narrative. The Employee does not send emotional “Goodbye” emails to key clients. |
| Physical Security | The physical badge must be collected in person. Letting them “mail it in later” is strictly prohibited. |