Tuesday, 19 October 2010

Employee Termination from an IT Perspective

From Richard Jones

Letting an employee go can be a dirty job, but the IT department must help do it.
It is necessary to involve IT in the employee termination process because a former employee who still has access to a company's network and proprietary corporate data is a security threat.
Moreover, it is smart to preserve certain technological resources, data, and logs in case the former employee or the company itself decides to pursue litigation.
Finally, it is essential to integrate IT into the process to help ensure that employee termination controls are comprehensive enough to meet relevant Sarbanes-Oxley requirements.
Information security and data retention policies must be company-specific and tailored to the laws under which the company operates. Nevertheless, there are at least three broad IT principles to which a company should adhere when and after terminating an employee.
  • Prompt notification of termination. Every company should have a strictly enforced policy that clearly states who is to notify whom when someone's employment is ending or has ended. This policy should also mandate that these notifications be given immediately.

    An information security contact should be among those who are notified, and this person's responsibilities should entail researching, documenting, and revoking an employee's access to the company's electronically stored proprietary information and its information systems.
  • Prudent revocation of access.

What to Do When Employment Is Terminated

In the case of a terminated employee, IT should immediately revoke all computer, network, and data access the former employee has. Remote access should also be removed, and the former employee should be dispossessed of all company-owned property, including technological resources like a notebook computer and intellectual property like corporate files containing customer, sales, and marketing information.
However, in the case of an employee whose end of employment is only imminent, IT should consult with the employee's manager, HR, and other key decision-makers to determine the appropriate manner in which to stagger the revocation of access over the person's remaining days of employment.
Just as the granting of access and security clearances should be documented for future reference, the revocation of access should also be documented, especially for legal purposes. The goal, of course, should always be to revoke access in ways that make good business sense financially, technologically, and legally.

Preemptive Preservation of Data

Every company should have data redundancy and retention policies that satisfy its business needs and adhere to applicable laws. Such policies address the backup, restoration, and preservation of corporate data in general.
However, a company should also enact policies that detail when and how IT should go about preserving potentially and particularly sensitive data, records, logs, and other materials that could be of legal significance were the company and former employee to wage a legal battle. It is especially important to do this in the case of a former employee who held a high-level position or left the company under a cloud of suspicion.
The appropriation and application of these three principles should be the collective work of the company's executive staff, IT and HR departments, and legal counsel that specializes in computer forensics and the laws governing the company's use of computing technology.
The results of this cooperative effort should be greater protection of corporate data as well as better preparedness for litigation regarding corporate data theft, hacking, and other forms of illegal or ill-advised uses of computing technology.
