When a Rossi Enterprises LLC ( REL ) employee, contractor, adviser, or other affiliate ( Member ) is terminated, information resources privileges, both internal and distant, must be disabled or removed by the clip of that person ‘s going.
When Members depart from REL, they must return all REL equipment by the clip of going. A Member who departs from REL must non retain, give away, or take from REL premises any REL information. Particular attending must be paid to state of affairss where a Member has been terminated and poses a hazard to REL information or information resources.
The intent of this policy is to develop a documented procedure for taking entree to personally identifiable information ( PII ) when a Member is terminated from REL.
The range of this policy includes all PII. Furthermore, this policy applies to all sections that use or unwrap PII for any intents.
- Documentation for taking entree to PII for terminated REL Members must be developed and enforced.
- When a REL Member is terminated, information resources privileges, both internal and distant, must be disabled or removed by the clip of that person ‘s going. REL information resource privileges include, but are non limited to, physical entree, workstation and waiter entree, informations entree, web entree, and email entree.
- When Members provide beforehand notice of their purpose to go forth REL, the administrative section and/or the immediate supervisor must give at least two yearss notice to the individuals or sections responsible for REL information resource privileges granted the going Member.
- Receipt and response to notices from Members meaning to go forth REL must be tracked and logged. This certification must supply the undermentioned information and must be firmly maintained:
- The name of the Member
- The day of the month and clip the notice of Member going was received
- The day of the month of planned Member going
- A description of entree to be terminated
- A list of points the Member must return
- The day of the month, clip, and description of actions taken
- All REL Members must hold their information resource privileges automatically disabled after their user ID or entree method has had 90 yearss of inaction ( i.
e. when an external adviser ceases providing services to REL without supplying appropriate presentment ) . All such privileges that are disabled in this mode must be reviewed to guarantee that the inaction is non due to expiration of employment. If expiration is the ground for inaction, there must be a reappraisal of the state of affairs to guarantee that all entree to PII ( or ability to physically entree information ) has been eliminated.
- When Members depart from REL, they must return all REL supplied equipment at the clip of going. Such equipment includes, but is non limited to:
- Portable computing machines
- Cell phones
- Name designation badges
- Building, desk or office keys
- Entree cards
- Security items
- If a departing Member has used cryptanalysis on REL informations, they must do the cryptanalytic keys available to either their supervisor or the Information Security Manager.
- As appropriate, all physical security entree codifications used to protect REL information resources that are known by a departing Member must be deactivated or changed.
- A Member who departs from REL must non retain, give away, or take from REL premises any sensitive or confidential REL information. The Member must return all REL information by the clip of going to either the immediate supervisor or the Information Security Manager.
- When REL Members ‘ employment terminals, their computing machines ‘ resident files must be quickly reviewed by their immediate supervisors to find the appropriate transportation or disposal of any confidential information.
- Particular attending must be paid to state of affairss where a going employee poses a hazard to the information or systems at REL.
If a Member is to be terminated instantly, their information resource privileges must be removed or disabled merely before they are notified of the expiration.
REL ‘s Information Security Manager is responsible for monitoring and implementing this policy.
Review & A ; Renewal
An one-year reappraisal of this policy is required. Additionally, the policy may be reviewed and updated as needed for any of the undermentioned grounds:
- A important alteration within REL ‘s concern maps or information resources occurs
- Stringent Torahs and ordinances that affect REL have been implemented or revised.
Upon expiration of a Member with entree to REL information resources incorporating PII, the Member ‘s supervisor will instantly take the undermentioned actions:
- Reach the Information Technology Department to revoke entree privileges, such as user IDs and watchwords, to REL information resources, PII, and unafraid countries.
- Retrieve all hardware, package, informations, entree control points, and certification issued to or otherwise in the ownership of the Member.
- Arrange for an issue briefing to verify retrieval of all points and to discourse any security/confidentiality concerns with the Member.
- Notify human resources of completion of the expiration process so that the Member can have any concluding wage due.
- Keep records of the expiration process for each Member, including the retrieval of security related points for non less than six old ages from the expiration day of the month.