Offboarding

​

SLAs

• Access termination — within 24 business hours of separation. Critical / high-privilege access is revoked immediately for involuntary terminations.
• Device return — within 5 business days for remote employees (return shipping label provided); same-day for in-office staff.

​

Trigger

​

Checklist (IT / Security)

• Disable user in IdP (Rippling).
• Revoke active sessions / refresh tokens across SaaS apps.
• Remove from all group memberships.
• Revoke production / privileged access.
• Rotate any shared secrets the user had access to.
• Suspend / forward email per CHRO instruction.
• Initiate device collection (or remote wipe + reprovision).
• Run user-access deprovisioning report; file evidence.

​

Checklist (CHRO)

• Confirm any post-termination security/confidentiality obligations (NDA, IP assignment) are communicated in writing.
• Update HRIS to “terminated” — triggers downstream deprovisioning.
• Final paycheck / equity / benefits processing per the CHRO runbook in Notion.

​

Devices

• Collected devices are wiped (cryptographically erased and reset) and reprovisioned for the next user. Devices that fail wipe verification, or that are end-of-life, are routed to certified destruction per Records Disposal & Certificates of Destruction.
• Device images may be retained at the discretion of management for business purposes.
• For damaged devices that cannot be wiped, an e-waste service with data-destruction certificate is used. COD retained for 1 year.

​

Records

​

Version history