Employee termination
Last updated: Jun 16, 2026
This document details the protocol we follow each time a talent leaves the company.
High-level procedure
- The Administration team prepares termination paperwork for cases in which it applies (letter of dismissal, reports, inventory list, among others).
- Terminated employees are dismissed in Okta, Time Doctor, Google Suite, EasyLlama, and applications based on their role, to remove logical access.
- We communicate with relevant stakeholders and identify hand-off plans for cases in which it applies.
- Terminated employees must return Fluid Attacks-owned hardware, which is sanitized as needed.
- We settle any pending financial obligations, such as expense reimbursements and final payroll.
Logical access to systems
The Administrative Director requests the deactivation of corporate systems through the Help channel. The Head of Technology or the Security Manager must deactivate all other access the terminated employee because of their role. The following are systems to which access is revoked:
- Okta
- Google Suite
- EasyLlama
- Time Doctor
- Iru (if applies)
- Other tools/systems, depending on the role
Physical access
The Administrative Director requests the laptop access deactivation.
Hardware return
The Administration team collects the hardware assigned to the talent:
- Laptop
- Keyboard
- Mouse
- Any other devices assigned by Fluid Attacks (if applies)
Exit reminder
As part of the offboarding process, we send leaving employees an email on their last day to remind them of their security commitments following their departure, which were agreed to in a non-disclosure agreement. This message is sent to their personal email address, as their Fluid Attacks account is deactivated. The reminder text contains a statement along the lines of the following:
"You will remain bound by the confidentiality agreement (NDA) you signed previously during the onboarding process, which includes:
- Maintaining the confidentiality of all of Fluid Attacks' proprietary information
- Not disclosing any customer data or sensitive information acquired during your employment
- Not retaining any company documents or data, whether in physical or electronic form"
Other secure authorization measures
Authorization for clients
The Fluid Attacks platform has role-based access control (RBAC) at the organization and group levels for each project to protect client data.
Endpoints
Fluid Attacks secures laptops and mobile phones with MDM, including hardening profiles, removable media restrictions, auditing, and inventory controls.