4.8 Offboarding, Access Control, and Knowledge Transfer
An employee’s departure is a critical security event and an operational risk point. A sloppy exit leaves two doors open: one for data leakage (IP theft) and one for operational failure (lost tribal knowledge).
This chapter defines the protocol for "Closing the Loop." The objective is to neutralize risk and preserve institutional memory. We treat offboarding with the same rigor as onboarding—every access right granted must be explicitly revoked, and every critical piece of knowledge must be downloaded to the system.
The Security Protocol (The Kill Switch)
When an employee leaves—whether voluntarily or involuntarily—the priority is System Integrity. Access revocation is binary and immediate.
The "Revoke First" Rule
- Involuntary Exit (Termination): IT and Facilities must revoke access simultaneously with the termination meeting.
- Standard: The employee returns to their desk to pack personal items only under supervision. They do not log in "one last time."
- Voluntary Exit (Resignation): Access remains active during the notice period, but "Privileged Access" (Admin rights, Bank authorization, Code deploy) is removed immediately.
- Logic: A resigning employee is a security risk. Do not leave the keys to the kingdom in the pocket of someone who has mentally checked out.
The Audit Trail:
IT must generate a "Revocation Log" confirming that:
- Email account is disabled (or forwarded).
- VPN/SSO access is terminated.
- SaaS licenses (Salesforce, Jira, CAD) are reclaimed.
- Physical badge is deactivated.
Knowledge Transfer (The Brain Dump)
"Exit Interviews" are for feelings; "Handover Audits" are for facts. We do not care about why they are leaving as much as what they know.
The "Bus Factor" Mitigation
The goal is to ensure that if this person was hit by a bus, the company would continue operating without a hiccup.
The Handover Artifact:
The departing employee must produce a Transfer Document (Confluence Page / Shared Folder) containing:
- Open Loops: A list of active projects, their status, and the immediate next step.
- Key Contacts: "Who do I call for X?" (Suppliers, Client Stakeholders).
- The "Gotchas": Undocumented quirks of the system. (e.g., "Server B needs a manual restart every Tuesday").
- File Map: Where are the source files? (Link to the repo, not "It's on my desktop").
The Gatekeeper:
The Manager must Audit this document. If the handover is incomplete, the final exit clearance (and potentially the final discretionary bonus) is withheld until rectified.
Asset Recovery
Hardware assets (Laptops, Oscilloscopes, Badges) are company property. They must be returned in functional condition.
- Digital Wipe: All returned devices must be wiped by IT within 24 hours of return.
- Inspection: Facilities/IT checks for physical damage.
- Financial Hold: The cost of unreturned or damaged equipment (beyond normal wear and tear) will be deducted from the final settlement, where legally invalid.
Offboarding Checklists
Process differs by role type. Use the specific checklist below.
Checklist A: Office / Engineering Roles (IP Focus)
Step | Action Item | Owner | Timing |
01 | Resignation Acceptance Letter (Confirming Last Day). | Manager | Day 0 |
02 | Privileged Access Revocation (Admin/Finance rights). | IT | Day 0 |
03 | Handover Artifact Creation & Review. | Employee | Week -1 |
04 | Client Notification Plan (Who tells the client?). | Manager | Week -1 |
05 | Asset Return (Laptop, Monitor, Peripherals). | IT | Last Day |
06 | Full Access Kill (Email, Slack, VPN). | IT | Last Hour |
Checklist B: Factory / Ops Roles (Safety & Inventory Focus)
Step | Action Item | Owner | Timing |
01 | Shift Coverage Plan (Who takes the shift?). | Shift Lead | Day 0 |
02 | Tool Audit (Return of calibrated tools/keys). | Lead | Week -1 |
03 | PPE Return (ESD Smock, Locker Key). | Admin | Last Day |
04 | Badge Deactivation (Physical Access). | Security | Last Hour |
05 | WIP Handoff (Status of current batches). | Operator | Last Shift |
The "Boomerang" Policy
We treat leavers with dignity. The industry is small. An A-Player who leaves on good terms ("Good Leaver") is a potential future hire or customer.
- Good Leaver: Resigned with notice, completed handover, trained successor. -> Mark as "Eligible for Rehire."
- Bad Leaver: Ghosted, sabotage, refused handover. -> Mark as "Do Not Rehire."
Final Checklist
Control Point | Rule / Standard |
Revocation Speed | Immediate for involuntary. Last Hour for voluntary. |
Knowledge Capture | Written Artifact required. No verbal handovers. |
Privileged Access | Revoke Admin/Finance rights immediately upon resignation notice. |
Asset Check | Verify tools/laptops against the inventory log before the employee leaves. |
Client Comms | Manager controls the narrative. Employee does not blast "Goodbye" emails to clients. |
Security | Badge must be physically collected. Do not let them "mail it in." |