Owner: CISO, with CHRO
Effective Date: May 8, 2026
Reviewed: Annually
Frameworks: SOC 2 CC6.1–CC6.3 (timely access removal); ISO/IEC 27001 A.5.11 (return of assets) and A.6.5 (post-termination responsibilities). Implements the Access Control Policy and Human Resources Security Policy.
This procedure ensures that physical and logical access is promptly revoked, company-issued equipment is returned, and any post-termination obligations are clear.

SLAs

Access-termination SLAs match the tiered matrix in the Access Control Policy → Removal & adjustment. Where this procedure and the policy ever appear to disagree, the policy controls.
Separation scenarioAccess termination SLA
Involuntary separation, security incident, or “for cause” terminationWithin 1 hour of HR / Legal / CEO signal; CISO may suspend access immediately on credible threat indicator
Voluntary departure with noticeBy end of last business day (synchronous with the Rippling offboarding workflow)
Role change reducing privileges, or access no longer neededSame business day the change is identified
Highly privileged credentials (production-data access, root cloud accounts, MFA-enrollment authority) are rotated immediately on separation regardless of the cause; SSO session revocation precedes credential rotation. Other SLAs:
  • Device return — within 5 business days for remote employees (return shipping label provided); same-day for in-office staff.

Trigger

CHRO initiates offboarding via the Offboarding intake form — which files into the CHRO offboarding workflow in Linear — as soon as the separation date is confirmed. For involuntary or sensitive terminations, CHRO coordinates with IT and Security in advance, before submitting the form.

Checklist (IT / Security)

  • Disable user in IdP (Rippling).
  • Revoke active sessions / refresh tokens across SaaS apps.
  • Remove from all group memberships.
  • Revoke production / privileged access.
  • Rotate any shared secrets the user had access to.
  • Suspend / forward email per CHRO instruction.
  • Initiate device collection (or remote wipe + reprovision).
  • Run user-access deprovisioning report; file evidence.

Checklist (CHRO)

  • Confirm any post-termination security/confidentiality obligations (NDA, IP assignment) are communicated in writing.
  • Update HRIS to “terminated” — triggers downstream deprovisioning.
  • Recover office keys and any physical access credentials (in-office staff); flag unreturned keys to Security for re-keying.
  • Final paycheck / equity / benefits processing per the CHRO runbook in SharePoint (CHRO folder).

Devices

  • Collected devices are wiped (cryptographically erased and reset) and reprovisioned for the next user. Devices that fail wipe verification, or that are end-of-life, are routed to certified destruction per Records Disposal & Certificates of Destruction.
  • Device images may be retained at the discretion of management for business purposes.
  • For damaged devices that cannot be wiped, an e-waste service with data-destruction certificate is used. COD retained for 1 year.

Records

Offboarding evidence (deprovisioning ticket, signed return form, COD if applicable) is retained for at least 1 year.

Version history

VersionDateDescriptionAuthorApproved by
1.0May 8, 2026Initial versionCameron WolfeIshan Jadhwani