9.3 Departure

People leave jobs—sometimes on their own, and sometimes involuntarily—as a result of many circumstances, including death or physical incapacitation. In any such cases, you should have a defined set of actions for how to handle the departure. This procedure should include shutting down accounts; forwarding email to appropriate parties; changing critical passwords, phone numbers, and combinations; checking voice mail accounts; and otherwise removing access to your systems.

In some environments, this suggestion may be too drastic. In the case of a university, for instance, alumni might be allowed to keep accounts active for months or years after they leave. In such cases, you must determine exactly what access will be allowed and what access will be disallowed. Make certain that the personnel involved know exactly what the limits are.

In other environments, a departure is quite sudden and dramatic. Someone may show up at work, only to find the locks changed and a security guard waiting with a box containing everything that was in the user's desk drawers. The account has already been deleted, all system passwords have been changed, and the user's office phone number is no longer assigned. This form of separation management is quite common in financial service industries, and is understood to be part of the job. Usually, these are employees hired "at will" and with contracts stating that such a course of action may occur for any reason—or no stated reason at all.