Internal Invest & EDP - Holding phone wi

Employee Departure Program (EDP)

Employees currently think of stealing data, or taking corporate data with them, as if they were simply taking paper clips home - technology, data security and solid policies help to stop this.

Various research reports have been published, supporting this thought process, which should serve as a warning sign for businesses:

  • The 2018 Ponemon report on data found that 75% of employees say they’ll have access to data they shouldn’t and 25% of employees are willing to sell data to a competitor for less than $8,000. Organizations are worried about this;

  • A recent Quest research found 90% of organisations feel vulnerable to ‘insider’ attacks, with excessive access privileges (37%), access to sensitive data (36%) and the increasing complexity of IT (35%) being the key reason why.


Downstreem’s Employee Departure Program is designed to assist corporate Legal, HR and IT departments with the handling of an employee’s devices and data sources prior to or during an off-boarding process. 


The EDP is divided into four (4) categories:


The designated Downstreem advisor works with Corporate IT to create or edit the employee departure protocol, from a technical aspect. This includes:


  • Offboarding checklist

  • Digital chain of custody document and employee consent form

    • The consent form is recommended when imaging of the employee’s personal devices, if used for company business, i.e. under a BYOD policy or practice

  • Software/application training

  • Documented best practices for the securing of devices, preservation and documentation guidelines

When the EDP is initiated, the Downstreem analyst or Corporate IT documents:

  • Devices the employee used and/or had access to, during his/her employment

    • Desktop/Laptop

    • Mobile device(s)

  • Data sources on the corporate network or in other (cloud-based) locations that the employee has/had access to

  • Usernames and Passwords/pin codes the employee utilized

    • Desktop/Laptop

    • Mobile device

    • Enterprise systems (i.e. ERP, finance, etc.)

    • Other applications/resources that require a password


Once usernames, passwords, devices and data sources have been identified, either a designated Downstreem analyst or a member of the Corporate IT team will perform the preservation of identified devices and data sources.


It is imperative that industry-accepted, defensible tools, programs and equipment are being used for the preservation process.

The EDP’s best practices section is referenced for naming conventions, logs and forms to be completed and overall process documentation.

In some cases, an immediate analysis or triage of the employee’s devices is necessary, especially when data egress is suspected. Downstreem provides the ability to quickly triage an employee’s devices. 

Triage can be customized, where required and the following analysis items are part of Downstreem’s standard EDP report package:

  • USB device history

  • Browsing history and browser search terms, incl. cloud-based email account usage

  • Shortcut (LNK) files & MS Office recent files

  • Jump lists and shell bags

  • Cloud-based email and messaging accounts

  • Windows 10 timeline (where it is enabled)

Info Sheet.PNG

Downstreem is ready to assist you at your convenience.

Call or eMail and we will respond within 24 hours.

Contact Us.PNG