One Step Ahead: Tips for Handling Electronic Access in Employee Termination |
|
October 21, 2014, Volume 61, No. 10 |
Another tip in a series provided by the
Offices of Information Systems & Computing and Audit, Compliance & Privacy
Separating an individual from University employment can be a complicated process, especially with regards to their electronic access. Simply terminating someone in the Payroll system is not sufficient to remove access to all of the computing resources for that person. In a best practices scenario, the employee and their supervisor should work on a transition plan before the employee leaves, including inventorying all electronic access and transferring data to an appropriate data holder. This conversation should involve the Local Support Provider (LSP) as they may have insights into less obvious resources that the employee accesses.
Unexpected separations are more difficult for everyone involved and identifying computing resources the former employee had access to can be daunting. In this situation, bringing HR, the LSP and the local Security Liaison into the conversation as soon as possible will help complete electronic access removal in a timely manner. If the Security Liaison is not available, ISC Information Security (security@isc.upenn.edu) can be the point of contact to coordinate electronic access removal.
There are several resources, included below, that can help in navigating this process, including an Employee Termination Checklist available from ISC Information Security.
Remember, a Payroll system change will not impact access to systems such as BEN Financials, local server account access, VoIP phone management, departmental cloud services, etc.
Resources:
• Employee Exit IT Checklist:
http://www.upenn.edu/computing/security/checklists/employee_exit_form.pdf
• Disposition of Documents and Data of Faculty and Staff who are Leaving Penn or Have Left Penn:
http://www.upenn.edu/oacp/privacy/assets/pdf/DispositionOfDocumentsGuidance.pdf
• Privacy in Electronic Environment:
https://almanac.upenn.edu/archive/v47/n04/OR-eprivacy.html
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/ |