Skip to Content
logo

Docs

  • Home
  • Quick start
    • FAQ
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • What is SCA?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Use the platform
        • Sign-up and login
        • Interface and sections
        • Groups section
        • Group configuration
        • Create and delete groups
        • Create another organization
        • Portfolios
        • ToE and SBOM
        • Register payment method
        • Members
        • Understand roles
        • Group authors
        • Organization authors
        • Repositories
        • Import them with OAuth
        • Repositories out of scope
        • Credentials
        • Environments
        • Resolve events
        • Vulnerabilities section
        • Examine the evidence
        • Supply chain analysis
        • Reachability analysis
        • Vulnerability signature
        • CVSS score adjustment
        • Correlate threat models
        • Assign treatments
        • Assigned tasks
        • Verify with reattacks
        • False positive requests
      • Help options
        • AI Agent
        • Live chat
        • Email
        • Comments
        • Talk to a Pentester
        • Tutorial videos or demo
        • Vulnerability reporting
        • Standard compliance
        • ZTNA logs
        • Recent downloads
        • Common analytics
        • Organization analytics
        • Group analytics
        • Portfolio analytics
        • Chart options
        • CI Gate configuration
        • CI Gate executions
        • Security gates
        • Vulnerability acceptance
        • Prioritization attributes
        • Explore the user menu
        • Enable and disable notifications
        • Subscribe to News
        • Leave a group
      • See vulnerabilities
        • Fluid Attacks' scanners
        • OWASP Benchmark results
        • Your feedback
      • Use the scanners
        • Local run
        • CI/CD integration
        • Understanding outputs
        • Findings exclusion
      • Use a configuration file
        • SAST scanner
        • SCA scanner
        • DAST scanner
        • APK scanner
      • Automatic remediation
      • Custom remediation guides
      • Introduction to Sorts
      • Sorts user guide
      • Connection mechanisms
      • Cloud connection
      • Egress connection
      • Connector connection
      • Types of authentication
      • AWS CodeCommit
    • Service-level agreement
      • Availability SLA
      • Response SLA
      • Accuracy SLA
      • False negatives
      • False positives
      • Scope
    • Support information
      • Changelog
        • 2023
        • 2024
        • 2025
        • 2026
      • Roadmap
      • AI functions
      • Attack surfaces
      • Binaries
      • Browsers
      • CI/CD
      • Clouds
      • CVEs for reachability
      • Evidence formats
      • Frameworks
      • IDE functionalities
      • Languages
      • Languages for fixes
      • Package managers
      • Remediation
      • SCM systems
      • Secrets
      • Standards
      • Ticketing systems
      • Documentation sections
  • Integrations
      • Bug-tracking systems
      • Tools and integrations
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
    • VS Code
      • Functions
      • Troubleshooting
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
    • PR/MR scanner
      • For GitLab
      • For Azure DevOps
      • Troubleshooting
      • File exclusion
    • API
      • Learn the basics
    • Webhooks
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • D3
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
    • Pentesting tools
  • Compliance
    • Authentication
      • Clients
      • Password policies
      • Staff
    • Authorization
      • Access revocation
      • Clients
      • Employee termination
      • Endpoints
      • Secret rotation
      • Sessions
      • Staff
    • Availability
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
    • Confidentiality
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
    • Integrity
      • Applicant evaluation
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Monitoring
      • Production data isolation
      • Secure emails
      • SLSA compliance
      • Standard timezone
      • Static website
      • Training plan
    • Non-repudiation
      • Everything as code
      • Extensive logs
    • Privacy
      • Data privacy policy
      • Data retention policy
      • Data use policy
      • Email obfuscation
      • Time tracking
      • Manual for the NDR
      • Subprocessor OpenAI
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Data transmission
      • Unsubscribe email
      • Use of cookies
    • Resilience
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
    • Transparency
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • Armorcode
    • Arnica
    • Astra
    • Backslash
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyscope
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security (GHAS)
    • Ghost Security
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Runzero
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype Lifecycle
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 
  • Home
  • Quick start
    • FAQ
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • What is SCA?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Use the platform
        • Sign-up and login
        • Interface and sections
        • Groups section
        • Group configuration
        • Create and delete groups
        • Create another organization
        • Portfolios
        • ToE and SBOM
        • Register payment method
        • Members
        • Understand roles
        • Group authors
        • Organization authors
        • Repositories
        • Import them with OAuth
        • Repositories out of scope
        • Credentials
        • Environments
        • Resolve events
        • Vulnerabilities section
        • Examine the evidence
        • Supply chain analysis
        • Reachability analysis
        • Vulnerability signature
        • CVSS score adjustment
        • Correlate threat models
        • Assign treatments
        • Assigned tasks
        • Verify with reattacks
        • False positive requests
      • Help options
        • AI Agent
        • Live chat
        • Email
        • Comments
        • Talk to a Pentester
        • Tutorial videos or demo
        • Vulnerability reporting
        • Standard compliance
        • ZTNA logs
        • Recent downloads
        • Common analytics
        • Organization analytics
        • Group analytics
        • Portfolio analytics
        • Chart options
        • CI Gate configuration
        • CI Gate executions
        • Security gates
        • Vulnerability acceptance
        • Prioritization attributes
        • Explore the user menu
        • Enable and disable notifications
        • Subscribe to News
        • Leave a group
      • See vulnerabilities
        • Fluid Attacks' scanners
        • OWASP Benchmark results
        • Your feedback
      • Use the scanners
        • Local run
        • CI/CD integration
        • Understanding outputs
        • Findings exclusion
      • Use a configuration file
        • SAST scanner
        • SCA scanner
        • DAST scanner
        • APK scanner
      • Automatic remediation
      • Custom remediation guides
      • Introduction to Sorts
      • Sorts user guide
      • Connection mechanisms
      • Cloud connection
      • Egress connection
      • Connector connection
      • Types of authentication
      • AWS CodeCommit
    • Service-level agreement
      • Availability SLA
      • Response SLA
      • Accuracy SLA
      • False negatives
      • False positives
      • Scope
    • Support information
      • Changelog
        • 2023
        • 2024
        • 2025
        • 2026
      • Roadmap
      • AI functions
      • Attack surfaces
      • Binaries
      • Browsers
      • CI/CD
      • Clouds
      • CVEs for reachability
      • Evidence formats
      • Frameworks
      • IDE functionalities
      • Languages
      • Languages for fixes
      • Package managers
      • Remediation
      • SCM systems
      • Secrets
      • Standards
      • Ticketing systems
      • Documentation sections
  • Integrations
      • Bug-tracking systems
      • Tools and integrations
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
    • VS Code
      • Functions
      • Troubleshooting
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
    • PR/MR scanner
      • For GitLab
      • For Azure DevOps
      • Troubleshooting
      • File exclusion
    • API
      • Learn the basics
    • Webhooks
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • D3
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
    • Pentesting tools
  • Compliance
    • Authentication
      • Clients
      • Password policies
      • Staff
    • Authorization
      • Access revocation
      • Clients
      • Employee termination
      • Endpoints
      • Secret rotation
      • Sessions
      • Staff
    • Availability
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
    • Confidentiality
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
    • Integrity
      • Applicant evaluation
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Monitoring
      • Production data isolation
      • Secure emails
      • SLSA compliance
      • Standard timezone
      • Static website
      • Training plan
    • Non-repudiation
      • Everything as code
      • Extensive logs
    • Privacy
      • Data privacy policy
      • Data retention policy
      • Data use policy
      • Email obfuscation
      • Time tracking
      • Manual for the NDR
      • Subprocessor OpenAI
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Data transmission
      • Unsubscribe email
      • Use of cookies
    • Resilience
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
    • Transparency
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • Armorcode
    • Arnica
    • Astra
    • Backslash
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyscope
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security (GHAS)
    • Ghost Security
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Runzero
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype Lifecycle
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 

On This Page

  • High-level process
  • Logical access to systems
  • Physical access
  • Hardware return
  • Exit reminder
  • Other secure authorization measures
ComplianceAuthorizationEmployee termination

Employee termination

Last updated: Mar 5, 2026

This document details the protocol Fluid Attacks follows each time a talent leaves the company.

High-level process

  • The administrative team prepares termination paperwork for cases in which it applies (letter of dismissal, reports, inventory list, among others).
  • Terminated employees are dismissed in OKTA, Time Doctor, Google Suite, EasyLlama, and applications based on the role, to remove logical access.
  • Communicate with relevant stakeholders and identify hand-off plans for cases in which it applies.
  • Return hardware and sanitize as needed.
  • Wrap up financial items.

Logical access to systems

The Administrative Director requests the deactivation of corporate systems through the Help channel. Based on the role, the Head of Service or the Security Manager should deactivate some other access. The following are systems to which access is revoked:

  • Okta
  • Google Suite
  • EasyLlama
  • Time Doctor
  • JAMF (if applies)
  • Other tools/systems, depending on the role

Physical access

The Administrative Director requests the laptop access deactivation.

Hardware return

The administrative team collects the hardware assigned to the talent:

  • Laptop
  • Keyboard, mouse and any other devices assigned by Fluid Attacks (if applies)

Exit reminder

As part of the offboarding process, Fluid Attacks sends leaving employees an email on their last day to remind them of their security commitments following their departure, which were agreed to in a non-disclosure agreement . This message is sent to their personal email address, as their Fluid Attacks account is deactivated. The reminder text contains a statement along the lines of the following:

“You will remain bound by the confidentiality agreement (NDA) you signed previously during the onboarding process, which includes:

  • Maintaining the confidentiality of all of Fluid Attacks’ proprietary information
  • Not disclosing any customer data or sensitive information acquired during your employment
  • Not retaining any company documents or data, whether in physical or electronic form”

Other secure authorization measures

  • Access revocation 
  • Authorization for clients 
  • Authorization for Fluid Attacks staff 
  • Endpoint management 
  • Secret rotation 
  • Session management 
ClientsEndpoints
Fluid Attacks 2026. All rights reserved.