Hi,
Need help on the issue after employee left the company. He has been associated with us since 3 years. After last day, he returned company asset but after formatting the laptop which is not acceptable under ISO guidelines. What we can do for it?
Thanks!
Hi Aprajita,
If your IT / Information Security & Management team is taking periodical back ups as per ISO controls, then you can retrieve the data.
If your data management controls are not in place, then it is a trouble if there are critical data loss / unauthorized destruction.
Regards,
Bhuvana Anand
Thanks Bhuvana. Let me know if any legal action can be taken or we can HOLD his FNF by Law?
There are a couple of things which you could take immediate action.
If the appointment order and policies acknowledged (IT policy, NDA, etc.) contain relevant terms to safeguard the company assets and data, then there is a chance to seek an explanation from the employee and hold the F&F till satisfactory resolution of it. However there could be plenty of challenges - how do you prove the employee guilty? The employee can allege that it happened via transit or was committed by the HR/IT team. As the person is no more an employee (maybe not in office as well), it is hard to prove the intention and certainly the misconduct. You may require forensic experts’ assistance. So many further aspects require collective management decisions.
If the organization has incurred data loss, try to arrive at an approximate figure (amount of loss) and then hold the relieving till there is a consensus arrives.
Note: Irrespective of whether you take an action and recover the loss from the ex-employee, it is high time to put some serious effort to set the right policies and procedures. This is to avoid similar occurrences in the future.
Thanks for the details. We have put in NDA and have all corrective measure in place. This will help us to take action. Thanks again.