4.8 Offboarding, Access Control, and Knowledge Transfer
An employee’s departure is not just an HR administrative task; it is a critical security event and a major operational risk point. A sloppy exit sequence leaves two dangerous doors open: one for data leakage (Active IP theft) and one for systemic operational failure (Lost tribal knowledge).
This chapter defines the protocol for “Closing the Loop.” The sole objective of offboarding is to neutralize institutional risk and permanently preserve corporate memory. We treat offboarding with the same rigor and checklist discipline as onboarding. All access rights must be revoked, and every critical piece of undocumented knowledge must be downloaded into the core system before the employee exits the building.
The Security Protocol (The Kill Switch)
When an employee leaves the company—whether through voluntary resignation or involuntary termination—the highest priority is System Integrity. Access revocation is an immediate, standard process.
The “Revoke First” Rule
- Involuntary Exit (Termination): IT and Facilities must execute access revocation simultaneously with the termination meeting.
- The Standard: The terminated employee returns to their desk to pack personal items only under direct management or security supervision. They do not log into the network “one last time.”
- Voluntary Exit (Resignation): Basic email access may remain active during the formal notice period for handover purposes, but all “Privileged Access” (Admin rights, Bank authorizations, ERP approvals, Code deployment permissions) is stripped when notice is given.
- The Logic: A resigning employee is a security risk. You do not leave the master keys to the kingdom in the pocket of someone who has mentally checked out and is actively leaving.
The Immutable Audit Trail
IT must generate and file a formal “Revocation Log” confirming that:
- The Email account is disabled (or forwarded to the Manager).
- VPN/SSO network access is terminated.
- All expensive SaaS licenses (Salesforce, Jira, Altium, CAD) are reclaimed.
- The physical security badge is deactivated.
Knowledge Transfer (The Brain Dump)
Useless “Exit Interviews” are designed for feelings; “Handover Audits” are designed for facts. Operationally, we do not care why they are leaving nearly as much as we care about capturing exactly what they know.
The “Bus Factor” Mitigation
The ultimate engineering goal of a handover is to ensure that if this departing person were hit by a bus tomorrow, the company would continue operating without a single operational hiccup.
The Handover Artifact
The departing employee is required to produce a detailed Transfer Document (A fixed Confluence Page or properly structured Shared Folder) containing:
- Open Loops: A comprehensive list of all active projects, their exact current status, and the immediate next operational step.
- Key Contacts: A mapping of “Who do I call for X?” (Critical Suppliers, Key Client Stakeholders).
- The “Gotchas”: Undocumented, bizarre quirks of the physical or digital system. (e.g., “Server B requires a manual hard restart every Tuesday at 2 AM”).
- The File Map: Where exactly are the source files located? (Provide the direct URL link to the master repo or shared drive, not “It’s somewhere on my local desktop”).
The Gatekeeper
The direct Manager must audit this Handover Artifact. If the handover is incomplete or lazy, the final clearance (and potentially any final discretionary bonus payouts) is withheld until it is fully rectified to the company standard.
Physical Asset Recovery
Hardware assets (Expensive Laptops, Oscilloscopes, Security Badges, Calibrated Tools) are company property. They must be recovered in functional condition.
- The Digital Wipe: All returned digital devices must be secure-erased by IT within 24 hours of return to prevent cross-contamination.
- The Inspection: Facilities/IT formally checks the hardware for physical damage.
- The Financial Hold: The replacement cost of unreturned or severely damaged equipment (beyond standard wear and tear) will be automatically deducted from the final financial settlement, wherever legally permitted.
Offboarding Checklists
The exit process differs by role type to mitigate specific risks. You must use the checklist below.
Checklist A: Office / Hardware Engineering Roles (IP Focus)
| Step | Required Action Item | The Owner | The Timing |
|---|---|---|---|
| 01 | Formal Resignation Acceptance Letter (Locking the Last Day). | The Manager | Day 0 |
| 02 | Instant Privileged Access Revocation (Admin/Finance limits). | IT | Day 0 |
| 03 | Comprehensive Handover Artifact Creation & Review. | The Employee | Week -1 |
| 04 | Client Notification Plan (Who officially tells the client?). | The Manager | Week -1 |
| 05 | Physical Asset Return (Laptop, Monitors, Specialized Peripherals). | IT | Last Day |
| 06 | Total Access Revocation (Email, Slack, VPN disabled). | IT | Last Hour |
Checklist B: Factory / SMT Ops Roles (Safety & Inventory Focus)
| Step | Required Action Item | The Owner | The Timing |
|---|---|---|---|
| 01 | Shift Coverage Plan (Who actually takes the line shift?). | Shift Lead | Day 0 |
| 02 | Tool Audit (Mandatory return of calibrated tools/keys). | Shift Lead | Week -1 |
| 03 | Physical PPE Return (Expensive ESD Smocks, Locker Keys). | Admin | Last Day |
| 04 | Security Badge Deactivation (No physical access point). | Security | Last Hour |
| 05 | WIP Handoff (Exact status check of current board batches). | Operator | Last Shift |
The “Boomerang” Policy
While we are rigorous on security, we genuinely treat departing employees with dignity. The tech and manufacturing industry is extremely small. An A-Player who leaves on excellent terms (A “Good Leaver”) is a highly valuable potential future re-hire or future customer.
- The Good Leaver: Resigned with proper formal notice, completed a handover artifact, actively trained their successor. -> System Status: “Eligible for Rehire.”
- The Bad Leaver: Ghosted the team, attempted sabotage, or refused a proper handover. -> System Status: “Do Not Rehire.”
Final Baseline Checklist
| The Control Point | The Operational Rule / Standard |
|---|---|
| Revocation Speed | Immediate for involuntary. The Last Hour for voluntary. |
| Knowledge Capture | A formal Written Artifact is mandatory. Zero tolerance for purely verbal handovers. |
| Privileged Access | Revoke all Admin/Financial rights the very second a resignation notice is submitted. |
| Asset Verification | Verify all expensive tools/laptops against the master inventory log before the employee exits. |
| Client Comms | The Manager controls the narrative. The Employee does not send emotional “Goodbye” emails to key clients. |
| Physical Security | The physical badge must be collected in person. Do not ever let them “mail it in later.” |