Need help with an issue after an employee left the company. He had been associated with us for 3 years. After his last day, he returned the company asset, but after formatting the laptop, which is not acceptable under ISO guidelines. What can we do about it?
There are a couple of things on which you could take immediate action.
This is a clear gap in the IT/IS process in place. The IT team was supposed to take periodic backups and should also have anticipated such risks.
If there are no explicit clauses referring to the return of company assets in good condition, reporting of system complaints and other issues in a proper manner, etc., and if such relevant clauses are not included in policies and appointment orders, that is one of the next important tasks to take up immediately.
If the conduct, discipline, and appeal rules are not set (like standing orders), it is also another task to schedule. For disciplinary action, organizations require such explicit written rule books.
If the appointment order and the policies acknowledged (IT policy, NDA, etc.) contain relevant terms to safeguard the company assets and data, then there is a chance to seek an explanation from the employee and hold the F&F till satisfactory resolution of it. However, there could be plenty of challenges - how do you prove the employee guilty? The employee can allege that it happened in transit or was committed by the HR/IT team. As the person is no longer an employee (maybe not in the office as well), it is hard to prove the intention and certainly the misconduct. You may require forensic experts' assistance. So many further aspects require collective management decisions.
If the organization has incurred data loss, try to arrive at an approximate figure (amount of loss) and then hold the relieving till there is a consensus.
Note: Irrespective of whether you take action and recover the loss from the ex-employee, it is high time to put some serious effort into setting the right policies and procedures. This is to avoid similar occurrences in the future.