Overseeing termination or employment changes should involve InfoSec obligations and duties that stay active after employment expiration or changes/transfers, including information privacy, IP, and similar agreements. Information security responsibilities should be found in the individual’s employment agreement or contract and any other contracts that continue after employment. The termination or change of employment process should identify and transfer InfoSec obligations to another employee. The process should involve communicating changes to personnel, relevant parties, and applicable contacts, including external personnel (e.g., suppliers).
Conformance1
Tools for conforming to standards, goals and processes
