Create separation and termination processes
These are processes for ending an individual’s or entity’s engagement or involvement with an organisation.
Why this countermeasure matters
Unclear or inconsistent separation and termination processes may lead to:
- insider threats
- dysfunctional workplace cultures
- fraudsters being reemployed.
How to put this countermeasure in place
Some ways to implement this countermeasure include creating separation and termination processes like:
- separation checklists and reporting for all staff and contractors
- terminating staff or contractors for fraud or misconduct
- cancelling registrations if providers are found to be involved in fraud or misconduct
- expelling suppliers from a procurement panel due to fraud or misconduct.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure using the following methods:
- Review processes/guidelines for termination/separation.
- Confirm that staff members, contractors or providers would be terminated or expelled for fraud/non-compliance.
- Confirm that data is captured and reported for all terminations involving fraud/misconduct.
- Identify cases where staff members, contractors or providers have been terminated for fraud/non-compliance.
- Confirm processes are adhered to and reported on by making sure:
- assets are returned
- system access is revoked
- building access is revoked (passes are returned)
- information, documentation and intellectual property is protected.
- Confirm that reasons for termination are recorded by keeping a permanent record for the customer, staff member, contractor, provider or supplier.
- Confirm that termination reasons are shared with other parties with a need-to-know such as informing other organisations or programs of:
- serious or organised fraud
- staff/contractor/vendor terminations for fraud/misconduct.
This type of countermeasure is supported by the below countermeasures: