When a person leaves the place where they worked or studied, they may leave behind logons with access to networks. They may also take with them knowledge of many kinds of passwords outside of the network, such as building security codes or banking passwords.
It is important that steps are taken to disable or negate all of those access privileges when a person leaves, to ensure that security integrity is maintained. Exit Procedures, as they are known, should be in place at every work and school location. An Exit Procedure will also cover other issues such as the recovery of equipment, keys and credit cards.
An effective exit procedure consists of documented standard processes that are carried out for each person who has ceased employment as well as measures to ensure that cessations are detected and reported so the processes will be completed.
There is no reason for an adverse inference to be drawn when a standard exit procedure is carried out after a person has ceased employment. A person who has left a worksite should expect their privileges to be removed and for records to be kept showing they have returned property and keys. It is worth remembering a person who is no longer working at a site is unable to detect the use of their old logon by another person.