Page 15 - Information_Security_Program
P. 15
TERMINATION OF EMPLOYMENT [DP232]
Back to Table of Contents
Scope: Enterprise
Distribution: All employees
Purpose: To ensure only current employees and contractors are able to access information systems.
External Regulation or Standard: 45 CFR 164.308(a)(3)(ii)(C) ‐‐ Workforce Security, 45 CFR 164.308(a)(ii)(C) ‐‐ Security Management
Process
Who is Responsible Statement Policy, Standard, or Procedure Statement
Number
Employees DP232.1 Violations of the organization's data security policies will be subject to the
organization's Corrective Action policies and procedures.
Directors, Managers DP232.2 When an employee or contractor is terminated, the supervisor must complete the IT
and Supervisors, with Termination Form indicating the change. In cases where immediate terminations
Asset Protection, IT occur, the supervisor must also contact the IT Staff and Asset Protection or the store
Staff and or program manager for off‐site locations immediately prior to, or upon termination,
Administrators of to assist with immediate termination to systems and secure areas. The IT Staff will
Managed Systems terminate access to mobile devices connected to the system, including synched
phones.
The IT Staff and Asset Protection must disable access if requested by a director,
manager or supervisor pending formal completion of the IT Termination Form.
If a termination is anticipated (due to resignation or completion of a contract), the
supervisor must complete the IT Termination Form with the projected termination
date and time and submit it at least one week before the termination date for
scheduling. In all cases, the supervisor must complete all items contained in the
Termination To‐Do‐List prior to or immediately upon termination.
The supervisor must also contact administrators of other managed systems
(GoodTrak, Raiser’s Edge, other), to ensure access is immediately terminated to
those systems.
Directors, Managers DP232.3 Access privileges of employees and contractors will be terminated immediately upon
and Supervisors to a job termination. See GESM OFFICE EMPLOYEE TERMINATION CHECKLIST.
request, with Asset
Protection and/or off‐
site Managers and IT
Staff to do.
Directors, Managers DP232.4 When a person leaves employment, that person's supervisor must collect from the
and Supervisors person all assets of the organization such as laptops, phones, electronic media, and
documents. Also see GESM OFFICE EMPLOYEE TERMINATION CHECKLIST.
Directors, Managers DP232.5 When an employee or contractor changes roles within the organization, the
and Supervisors supervisor must complete the IT Job Change Form including limiting previous
permissions if needed, or increasing permissions based on new job responsibilities.
Access privileges must also be changed to ensure the employee or contractor has
appropriate access to facilities and secure areas.
12 | Page
GES CONFIDENTIAL
