Employee termination security policy

• Policy owner: Pedro Piñera Buendía
• Effective Date: 03.01.2025

Purpose

This policy ensures the secure handling of company assets and information when an employee departs from Tuist GmbH. The policy defines procedures to mitigate any security risks associated with terminated employees, including the revocation of access, return of assets, and preservation of confidentiality.

Scope

This policy applies to all employees, contractors, and temporary workers who have been granted access to Tuist GmbH’s systems, data, and physical assets.

General Requirements

Upon termination of employment, Tuist GmbH shall:

1. Revoke Access: All access to company systems, networks, applications, and data shall be revoked immediately upon the termination of an employee’s contract. This includes the deactivation of all user accounts, password access, and physical keys.

2. Return of Company Assets: All company-owned equipment, including but not limited to laptops, mobile devices, access cards, and documents, shall be returned to the company in a timely manner.

3. Data Security: Any sensitive data in the possession of the terminated employee, whether stored physically or digitally, must be returned, deleted, or encrypted in accordance with company data protection procedures.

4. Non-Disclosure and Confidentiality: The terminated employee shall continue to be bound by any non-disclosure agreements (NDAs) and confidentiality commitments made during their employment. They must not disclose, distribute, or use confidential company or customer data.

Procedures

1. Revocation of Access:

   • IT department shall revoke system access, including email accounts, cloud storage, internal databases, and third-party software services.
   • All physical access credentials (e.g., office keys, ID badges) shall be returned to HR or the security team.

2. Exit Interviews:

   • An exit interview should be conducted to remind the employee of their ongoing obligations regarding confidentiality and intellectual property protection.
   • Documentation of the termination process, including the return of assets and revocation of access, should be kept for auditing purposes.

3. Documentation:

   • All actions taken during the termination process should be documented in the employee’s termination file.
   • A signed acknowledgment of the return of assets and completion of security procedures should be obtained from the employee.

Violations & Enforcement

Any failure to comply with this policy may result in the following actions:

• Immediate revocation of access to company systems.
• Disciplinary action in accordance with Tuist GmbH's procedures, up to and including legal action for the breach of confidentiality or misuse of company data.

Exceptions

Requests for exceptions to this policy must be submitted in writing to the HR Manager and the IT Manager for review and approval.

Version History

The version history of this document can be found in Tuist's handbook repository.