4.8 Offboarding, Access Control, and Knowledge Transfer

An employee’s departure is more than an administrative task; it is a critical security event and a significant operational risk. A poorly managed exit creates two major vulnerabilities: the potential for data leakage (active intellectual property theft) and the risk of systemic failure due to lost institutional knowledge.

This chapter outlines the protocol for “closing the loop.” The primary goal of offboarding is to mitigate institutional risk and permanently preserve corporate knowledge. The process must be approached with the same rigor and checklist discipline as onboarding. All access rights must be revoked, and every critical piece of undocumented knowledge must be captured in the central system before the employee’s final day.

The Security Protocol (Access Control)

When an employee leaves the company—whether voluntarily or involuntarily—the immediate priority is maintaining system integrity. Revoking access is a standard, time-sensitive procedure.

The “Revoke First” Principle

Involuntary Exit (Termination): IT and Facilities must revoke all access concurrently with the termination meeting.
- Standard Practice: A terminated employee may return to their desk to collect personal belongings only under direct supervision from management or security. They should not be permitted to log into the network for any reason.
Voluntary Exit (Resignation): Basic email access may remain active during the formal notice period to facilitate handover. However, all “privileged access”—such as administrative rights, financial authorizations, ERP approvals, or code deployment permissions—should be removed as soon as notice is given.
- Rationale: An employee who has resigned represents a potential security risk. Core administrative privileges should never remain with personnel who are in the process of leaving.

Maintaining an Immutable Audit Trail

IT is responsible for generating and archiving a formal “Revocation Log” that confirms the following actions:

The email account has been disabled (or forwarding to the manager has been configured).
VPN and single sign-on (SSO) network access has been terminated.
All costly SaaS licenses (e.g., Salesforce, project management software, Altium, CAD tools) have been reclaimed.
The physical security badge has been deactivated.

Knowledge Transfer (Preserving Institutional Memory)

Traditional exit interviews often focus on subjective feedback. In contrast, a structured “Handover Audit” prioritizes the factual transfer of operational knowledge. From an operational standpoint, the reason for departure is less important than ensuring critical knowledge is not lost.

Mitigating the “Bus Factor”

The core engineering objective of any handover is to ensure that if the departing individual were unavailable tomorrow, the company could continue operating without any disruption or loss of continuity.

Creating the Handover Artifact

The departing employee is required to produce a detailed Transfer Document. This should be a fixed Confluence page or a properly organized shared folder containing:

Open Loops: A complete list of all active projects, their current status, and the immediate next action required for each.
Key Contacts: A map of essential operational dependencies, including critical suppliers and key client stakeholders.
System “Gotchas”: Documentation of any undocumented quirks or procedures in physical or digital systems. (For example: “Server B requires a manual hard restart every Tuesday at 2 AM.”)
The File Map: Explicit locations for all source files and master documents. Direct URL links to the master repository or shared drive are required; references to files stored locally on a desktop are not acceptable.

The Manager’s Role as Gatekeeper

The employee’s direct manager must formally review and approve this Handover Artifact. If the handover is incomplete or of insufficient quality, the manager should delay final clearance (and potentially any discretionary final bonus payments) until the documentation meets the company’s standard.

Physical Asset Recovery

Hardware assets—such as laptops, oscilloscopes, security badges, and calibrated tools—are company property and must be recovered in functional condition.

Secure Data Wipe: All returned digital devices must be securely erased by IT within 24 hours of return to prevent data cross-contamination.
Physical Inspection: Facilities or IT must inspect returned hardware for any physical damage beyond normal wear and tear.
Financial Reconciliation: Where legally permitted, the replacement cost for any unreturned or severely damaged equipment will be deducted from the employee’s final financial settlement.

Offboarding Checklists

The exit process varies by role to address specific risks. The following checklists must be followed.

Checklist A: Office / Hardware Engineering Roles (IP Focus)

Step	Required Action Item	Owner	Timing
01	Formal acceptance of resignation letter (confirming last day).	Manager	Day 0
02	Immediate revocation of privileged access (admin/financial rights).	IT	Day 0
03	Creation and manager review of the comprehensive Handover Artifact.	Employee	Final Week
04	Plan for client notification (who will officially inform the client?).	Manager	Final Week
05	Return of all physical assets (laptop, monitors, specialized peripherals).	IT	Last Day
06	Final revocation of all access (email, Slack, VPN disabled).	IT	Last Hour

Checklist B: Factory / SMT Operations Roles (Safety & Inventory Focus)

Step	Required Action Item	Owner	Timing
01	Plan for shift coverage (who will take over the line shift?).	Shift Lead	Day 0
02	Tool audit and mandatory return of all calibrated tools and keys.	Shift Lead	Final Week
03	Return of physical PPE (e.g., expensive ESD smocks, locker keys).	Admin	Last Day
04	Deactivation of security badge (removing all physical access).	Security	Last Hour
05	Handoff of work-in-progress (exact status check of current board batches).	Operator	Last Shift

The “Boomerang” Policy

While security protocols are enforced rigorously, departing personnel should always be treated with professional respect. The technology and manufacturing sectors operate within interconnected professional networks. A top performer who leaves on excellent terms—a “Good Leaver”—remains a valuable potential future asset, partner, or even customer.

The Good Leaver: Resigned with proper notice, completed a thorough handover artifact, and actively trained their successor. → System Status: “Eligible for Rehire.”
The Bad Leaver: Abruptly left without notice, attempted sabotage, or refused to conduct a proper handover. → System Status: “Do Not Rehire.”

Recap: Offboarding, Access Control, and Knowledge Transfer

Parameter	Requirement	Timing	Owner	Condition
Privileged Access Revocation	Revoke all admin, financial, ERP, and deployment permissions.	Day 0 (Notice Given)	IT	Mandatory for all departures.
Full Access Revocation	Disable email, VPN, SSO, and physical security badge.	Last Hour of Employment	IT	Logged in Revocation Log.
Handover Artifact	Complete document with open loops, key contacts, system gotchas, and file map.	Final Week	Employee	Manager must approve for clearance.
Physical Asset Recovery	Return all hardware (laptop, tools, badge). IT performs secure data wipe within 24h.	Last Day	Employee / IT	Functional condition required; damage may incur cost.
Role-Specific Handoff	Execute role-specific checklist (e.g., shift coverage, tool audit, WIP status).	Per Checklist	Manager / Lead	Required for operational continuity.