Risk Management and Human Resources: After Employment
Reputation Risk Management: An Introduction
Risk Management and Social Engineering
Similar to the “during employment” phase, risk managers should collaborate with the human resource department after an employee is terminated or changes employment. Of the three phases of risk management and human resource collaboration, the after employment phase is the most logical.
It is important that you address the risk associated with terminating an employee. This process can introduce threats to the organization on multiple levels, including information security, physical security, as well as reputation, to name a few. When employees leave your organization, or transfer to a new department, it is important to ensure the exit process is handled in a systematic manner. The human resource department should work with the risk management team to develop processes that ensure the return of all assets and equipment, as well as the removal of access rights.
Assets in which a terminated employee or an employee who is changing employment operates, uses, or processes should be tracked throughout the term of their employment. Upon termination or employment change, these assets should be returned promptly. It is important to formalize this process to limit the threat of loss, theft, or unauthorized copying of information owned by the organization.
This process should also include a return of any assets, information, or documents the employee may have possession of, whether on personal devices or in the form of knowledge. It is important that the human resource department collects this material upon termination of employment.
As stated this is a logical process to have in place, as the risk of stole or loss assets becomes introduced. The physical asset loss is critical itself, but in today’s environment, most assets hold digital information that is in some cases more valuable than the physical asset itself. In a non-hostile termination, the return of an asset may not seem critical to some. However, this is something that needs to be handled promptly by the human resource department.
The next step is the removal of access rights. Removal of access rights is essential, especially in the case of a hostile termination. We all know human behavior is unpredictable at best, by removing access rights to formal employees you lessen the chance for retaliation in the case of a hostile termination. The risk management team and human resources department should ensure that all avenues of access are removed, both physical and digital. It is important that the level of access is tracked during employment, in order to ensure all access rights are halted upon termination.
Nondisclosure agreements and non-compete agreements must also be considered when terminating employees or employees elect to leave your organization. These documents can protect the organization’s intellectual property and competitive advantages. A policy of protection and security with both your organization and its people in mind will go a long way in protecting it against human factor threats.
In this series on risk management and human resources we have provided an overview of the steps that should be taken in order to limit threats from employees. We understand we have only scratched the surface of this topic, as there are many theories and models on the development of human resource policies that embed risk management.
