Policies
      Back to home
      1. Knowledge Center
      2. Policies

      Managing Access to Company Information for Terminated Employees

      1. Purpose The purpose of this policy is to ensure that terminated employees no longer have access to ManoByte, Inc. systems, data, and information following their separation from the company. This policy aims to protect sensitive company information

      2. Scope

      This policy applies to all employees, contractors, and any other personnel who have access to ManoByte systems and information. It covers digital assets such as company servers, cloud services, email accounts, project management systems, and any other company tools or platforms.

      3. Procedures

      The following procedures will be followed upon the termination of employment or contract:

      • Notification to IT/Operations: HR or the manager responsible for the termination will immediately notify the IT department and the VP of Operations of the employee’s last working day. This notification must be made no later than the employee’s final day of work.

      • Access Termination: IT will revoke the employee's access to all systems, including:

        • Email (Google Workspace)
        • Project management tools (Teamwork, Asana, etc.)
        • Cloud storage platforms (Google Drive, Dropbox, etc.)
        • HubSpot and other CRM platforms
        • 1Password (password management system)
        • Any other company-specific software or systems

      • Account Deactivation: All company accounts associated with the employee (email, system logins, etc.) will be deactivated within 24 hours of termination. Passwords and credentials will be changed to prevent unauthorized access.

      • Device Management: If the employee was issued company-owned devices (e.g., laptops, mobile devices), they must return the device by shipping it back to the CEO or designated person within 7 days.

      • Cloud Data: Any cloud-stored data the terminated employee had access to will be reviewed to ensure that it does not contain proprietary or sensitive information that should be restricted or deleted.

      • Third-Party Access: If the employee had access to any third-party platforms or services (such as client systems or external vendors), the Operations team will ensure that access is terminated.

      4. Physical Access

      • Office Access: Since the company operates remotely, physical office access is only relevant to the CEO. No other employees have access to physical office spaces, and therefore no action is required in this area.

      5. Post-Termination Review

      • Audit of Access: The VP of Operations will perform a post-termination review within one week of the employee’s departure to ensure that all access has been successfully revoked.
      • Password Changes: IT will ensure that shared accounts (such as those for client systems or team-wide tools) have had their passwords updated if the terminated employee had access to them.

      6. Data Retention

      • As outlined in the Record and Data Destruction Policy, employee records will be retained for the required period (1 year post-termination), after which they will be securely deleted.

      7. Compliance

      Failure to comply with this policy may result in disciplinary actions for the team responsible. Any incidents or breaches of this policy should be reported to the VP of Operations immediately.