This document is effective from 25/07/16.
Validity
This policy applies to all Fewzion staff who have been granted any computing/network access during their employment/contract.
Importance of the User Access Termination Process
It is important that electronic communications and data can be retained and properly dispositioned when staff are terminated, to protect and preserve, as appropriate, the information resources of Fewzion.
This may involve granting permissions to other suitable staff to become data stewards of the communications and resources previously allocated to a departing staff member.
Process of Involuntary Termination
In the case of a termination that may be deemed not in good will, it is the responsibility of the staff’s supervisor/manager to prepare for the worst case in order to mitigate any loss of or damage to informational resources, including intellectual property.
- IT staff will immediately alter the terminated staff’s password(s) to prevent access.
- Any access by the staff after termination to information resources will be approved by the terminated staff’s manager and facilitated by way of data extraction on physical media (i.e. CD or DVD), which will be made available to the terminated staff if deemed appropriate.
- Alternately, information may be removed by way of joint review/removal by the terminated staff’s supervisor or manager in the presence of the terminated staff if deemed appropriate by the manager.
- Resources will be dispositioned after termination according to instructions provided by the staff’s supervisor on the IT Termination Checklist (see below), which will be processed as soon as possible after notification.
Process of Voluntary Termination
In the case of voluntary or good-will termination, account access and resources will normally be modified to deny access by the terminated staff at the end of the day of termination, unless Fewzion specifically extends access. By default, the IT staff will simply change the password(s) of the departing staff in the systems based on the IT Termination Checklist (see below).
IT Termination Checklist
(To be completed by Supervisor)
Terminating Staff: ______________________________ Date of Termination: ________________
Supervisor: ______________________________ Date: ________________
1. Cleanup
[ ] Prior to termination date, ask staff to request cancellation of e-mail subscriptions and removal of any personal e-mail.
2. E-mail Handling
[ ] User has Personal Folders or Archives on c: drive or Google Drive that need to be archived or deleted or relocated for reference by others. Action: _____________________________________
[ ] Mailbox is to be deleted with no other action? (Senders only get Non-Delivery Report)
Go to step 4 Google Drive Data Disposition if marked to delete
[ ] E-mail forwarding will be defined to an external address of terminated staff:
External address: ________________________________________________________________ Duration of forwarding: ___________________________________________________________
[ ] Future incoming e-mail will be forwarded to another staff/mailbox
Who: _________________________________ until ____________________________________
[ ] E-mail account will remain visible in the Global Address List displayed in Outlook or e-mail client
Until when: ________________________________________________________________________________________
[ ] Mailbox permission will be granted to other suitable staff to access historical contents
Who/Duration? __________________________________________________________________________________________
[ ] Incoming e-mail will receive a server auto-response telling the sender:
[ ] Staff is no longer at Fewzion
[ ] New address to be used by senders in future for personal contact of terminated staff:
_______________________________________________________________________________________________________
[ ] New address to be used by senders in future for Fewzion business ________________________________________________
[ ] That message is being forwarded to __________________________________________________________________________
Requested auto-response text _________________________________________________________________________________
____________________________________________________________________________________________________________
____________________________________________________________________________________________________________
[ ] Non-personal mailbox addresses to be moved to another staff (i.e. account@
____________________________________________________________________________________________________________
3. Desktop/Laptop Data
[ ] Desktop/laptop local files to be saved and moved into Google Drive into what folder: ________________________________________________________________
4. Google Drive Data Disposition
[ ] Create a CD of Google Drive data and give to __________________________________________________________________
[ ] Delete Google Drive data
[ ] Grant other users permission to the staff’s Google Drive files
User __________________________________ Permission (Read or Change) ___________________
User __________________________________ Permission (Read or Change) ___________________
[ ] Move user’s files to common and grant permission to: ____________________________________________________________
** password protected/encrypted files **
[ ] Encryption password information has been provided to supervisor for access to encrypted data.
5. Other Access
[ ] Identified any security area / access areas warranting change of access codes and/or alarm codes
[ ] Identified any other accounts whose password staff may know, and changed the password
Local admin accounts (laptop / desktop / server)____________________________________________________________________
Service accounts: ____________________________________________________________________________________________
Test accounts _______________________________________________________________________________________________
[ ] Cipher combinations that are known and should be changed are located at __________________________________________
6. Other Staff Passwords
[ ] Does staff know any other staff’s password(s)? If so, who? _______________________________________________________
7. Fewzion owned items allocated to staff still in staff’s possession needing to be returned
[ ] Mobile phone
[ ] Tablet/PDA/pager
[ ] Smart card or other authentication device
[ ] Other mobile computing device ________________________________
[ ] Laptop computer
[ ] USB Flash Drive (a.k.a. Memory stick, USB stick, thumb drive or pen drive)
[ ] External USB disk drive
[ ] Camera
[ ] Audio/Visual equipment/items checked out
[ ] Help Desk equipment/items checked out
[ ] Other _____________________________________________________
8. Account Handling
[ ] Account disabled according to required timeframe
[ ] Account security group memberships removed
[ ] Account distribution group memberships removed
[ ] Account dial-up capability removed
9. Systems
[ ] Disable Google Drive logon so staff will no longer have access
[ ] Disable LastPass account so staff can’t log in to systems
[ ] Disable accounts to development/test servers so staff can’t log in
[ ] Update staff record to specify end-date of engagement, etc.
10. Other Systems:
Zendesk Access [ ] Yes [ ] Account disabled
Jira Access [ ] Yes [ ] Account disabled
Duo Security Access [ ] Yes [ ] Account disabled
CRM Insightly Access [ ] Yes [ ] Account disabled
XERO Access [ ] Yes [ ] Account disabled
Online Vulnerability Scanner Access [ ] Yes [ ] Account disabled
Bitdefender Access [ ] Yes [ ] Account disabled
ManageEngine Access [ ] Yes [ ] Account disabled
Other Access: _____________________________________________________________________