Personnel Security

PER010

Manage their departure

Managing people’s departure well protects your organisation’s security and reputation.

PERSEC3 - Manage their departure

Manage people’s departure to limit any risk to people, information and assets arising from people leaving your organisation. This responsibility includes ensuring that any access rights, security passes, and assets are returned, and that people understand their ongoing obligations.

When a person leaves your organisation, they retain their knowledge of your business operations, intellectual property, official information, and security vulnerabilities. Managing their departure well will reduce the risk of this knowledge being misused.

Whether a person is leaving by choice or not, a positive exit experience reduces the risk they will misuse their knowledge of your operations, intellectual property, official information, or any security weaknesses.

Baseline departure activities

Remove access rights

Before a person leaves your organisation, you must remove their access to electronic resources, physical resources, and physical sites.

Collect security passes

Make sure the departing person returns all identification cards and access passes, including any tools that allow them remote access to your information management systems.

Make sure assets are returned 

A departing person must return all property that belongs to your organisation. Take particular care with your intellectual property or official information.

Optional actions to consider

If you identify a higher risk associated with a particular role or a person’s circumstances, consider asking them to:

  • complete an exit debrief or interview
  • sign a deed of confidentiality.

Conduct exit interviews

In addition to their broader function exit interviews give you the opportunity to remind the departing person of their obligations to protect your organisation’s information.

Exit interviews are also a good opportunity to allow the affected individual to:

  • discuss their reasons for leaving, and their attitude to your organisation and people
  • surrender any passes or access cards they hold.

Use a deed of confidentiality if the risk is high

A deed of confidentiality may be necessary to protect your organisation’s proprietary information or intellectual property.

Activities for national security clearance holders

When a person who holds a national security clearance leaves your organisation, you must carry out the baseline activities and also:

  • conduct an exit interview
  • transfer or revoke their security clearance
  • debrief them from any sensitive compartmented information briefings they hold
  • notify the New Zealand Security Intelligence Service.

Page last modified: 6/06/2019