A technician is completing the offboarding checklist for an employee whose access ends today. Which of the following actions most directly prevents the former employee from re-entering company premises or using company-owned hardware after departure?
Forward the employee's mailbox to their manager and leave the account enabled for 30 days.
Postpone disabling the employee's VPN account until Human Resources finalizes paperwork.
Change the employee's network password and email it to their personal address for reference.
Collect all company-issued access badges, keys, and portable devices from the employee.
Retrieving all company-issued access badges, keys, laptops, smartphones, and similar devices ensures that no physical token or hardware containing corporate data remains in the former employee's possession. NIST SP 800-53 PS-4 (Personnel Termination) explicitly requires organizations to "retrieve all security-related … property" such as identification cards and hardware tokens. Failing to do so leaves a path for unauthorized physical entry or data extraction, whereas the other options either leave some form of access in place or expose credentials to unnecessary risk.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is collecting company-issued access badges and devices important during offboarding?
Open an interactive chat with Bash
What is NIST SP 800-53 PS-4, and how does it relate to offboarding employees?
Open an interactive chat with Bash
What are the risks of leaving an employee's account enabled after departure?