graphgrc

PEO-03: Offboarding

Objective

Protect company assets during employee departure.

Description

Access is revoked immediately upon termination. Company property is returned. Exit interviews cover confidentiality and data handling obligations. Terminated employee accounts are monitored.

Implementation Details

Immediate Access Revocation: HR notifies IT of termination. SCIM automatically disables SSO account within 1 hour. AWS, GitHub, other access removed.

Property Return: Employee returns laptop, Yubikey, badges. Equipment wiped and returned to inventory.

Exit Process: Manager and HR complete offboarding checklist. Exit interview covers non-disclosure agreement and return of confidential data.

Monitoring: Terminated employee accounts monitored for 30 days for attempted access. Alerts escalated to security team.

Examples

• Terminated employee account disabled in Okta within 30 minutes of HR notification
• Returned MacBook wiped via MDM remote wipe command, FileVault recovery key used
• Exit interview checklist completed for all voluntary and involuntary terminations
• Attempted login by terminated employee blocked and security team notified

Audit Evidence

• Offboarding procedure
• Termination and access revocation logs
• Exit interview documentation
• Equipment return records

---

Framework Mapping

SOC 2

• CC6.3 ^[Immediate access revocation upon termination prevents unauthorized access by former employees]

GDPR

• Article 32 ^[Offboarding procedures ensure terminated employees can no longer access personal data]

---

Referenced By

This section is automatically generated by make generate-backlinks. Do not edit manually.

Standards:

• SaaS IAM Standard ^[Automated deprovisioning via SCIM completed within 1 hour of termination]

Processes:

• Access Review Process ^[Reviews verify terminated employees have no remaining access]

This site is open source. Improve this page.