Upon an employee's resignation who has access to sensitive information, what should be done first?

The most immediate and critical action upon an employee’s resignation who has access to sensitive information is to revoke the employee's access to all systems. This step is vital to protect organizational data and maintain security, especially since the individual may have the opportunity to misuse or exfiltrate sensitive information during the transition period.

Revoke access as soon as the resignation is acknowledged to minimize the risk of unauthorized access or potential data breaches. This action should be part of a well-defined offboarding process, ensuring that all access rights are removed in a timely manner. Timing is crucial; if access remains active for even a short period post-resignation, it could lead to serious security vulnerabilities.

While conducting an exit interview, ensuring succession plans, and reviewing the employee's job history are also important steps in the overall management of employee departures, they are secondary to the immediate need to secure company information. Addressing security concerns first ensures that sensitive data remains protected during the resignation process.