PS-04-727 Personnel Termination

Personnel Termination

PS-04-727
Personnel Termination
Personnel Security
Protect
Personnel Security
LOW, MOD, HIGH
P1
Yes
February 15, 2018

The directory service administrator disables employee access to Agency information resources immediately upon notification of termination, either via automated process or by notification from the Human Resources department. All active user accounts are audited daily against current employee status to ensure terminated employees do not retain access to enterprise information resources.

Information resource owners are responsible for retrieving property from terminated employees.

Security breaches occur during employment terminations or changes due to lack of defined management responsibilities for these situations.
The organization, upon termination of individual employment: a. Disables information system access within [Assignment: organization-defined time period]; b. Terminates/revokes any authenticators/credentials associated with the individual; c. Conducts exit interviews that include a discussion of [Assignment: organization-defined information security topics]; d. Retrieves all security-related organizational information system-related property; e. Retains access to organizational information and information systems formerly controlled by terminated individual; and f. Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period].
Employee access is revoked upon termination of employment.
The state organization, upon termination of individual employment, terminates information system access, retrieves all organizational information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems.
Obtain personnel security policy; procedures addressing personnel termination; records of personnel termination actions; list of information system accounts; other relevant documents or records and ascertain if : (I)the organization terminates information system access upon termination of individual employment. (ii)the organization conducts exit interviews of terminated personnel. (iii)the organization retrieves all organizational information system-related property from terminated personnel. (iv)the organization retains access to official documents and records on organizational information systems created by terminated personnel.