This sample provides action steps to consider for protecting an organization’s critical systems and data and secure systems in the event of a terminated employee compromising access control mechanisms.

In this scenario, the maximum interruption to service would be at most a few hours over a period such as overnight to minimize disruption to normal activities. Actions with a priority level of 1 should be acted upon immediately. If the person to be removed has privileged access, then prior consideration should be given to disconnection of systems to protect data in the immediate 12 hours following the termination.