Units must develop a process to ensure that University Records always remain in the custody and control of the University, and that access to University Records is managed when employees leave positions or transition from one Unit to another. When an employee leaves the University, changes positions within the University, or transitions from one Unit to another within the University, the following questions should be answered by the exiting employee:

What University Records in paper format are under your control?

• desktop and desk drawers
• filing cabinets, both in the individual's workspace, shared space or any other location
• records temporarily in the possession of a colleague or another Unit
• commercial records storage

What University Records in electronic format are under your control?

• local hard drive (e.g. C: drive)
• personal drive (e.g. folder on a shared drive only accessible to the individual)
• cloud storage (e.g. Dropbox, OneDrive, Google Drive)
• social media sites (e.g. Twitter, Facebook) managed by the individual on behalf of the University
• Official University Email Account
• email accounts (both official University email and personal email accounts if applicable)
• calendar accounts
• removable media (USB drives, external hard drives, CDs, etc.)
• devices such as laptops or mobile electronic devices, whether University or personally owned

Once the questions above have been answered and an inventory of University Records has been established, the Unit must ensure that if any University Records are currently not accessible by the University (e.g. on a personal storage device/account) they are moved to an accessible location such as a shared drive.

What types of University access do you have?

• University systems
• Cloud solutions used for the delivery of University services
• Social media sites managed by the individual on behalf of the University
• Voicemail
• Keys/swipe cards

For exiting employees the Unit Head or Designate must ensure the exiting employee process is followed Exiting Employee Process. For the transition of an employee from one Unit to another the Unit Head or Designate must ensure University network and system access is deactivated or changed in a timely manner.

In cases where social media sites were being managed by an exiting employee on behalf of the University, the Unit Head or Designate must ensure the individual’s account has been deactivated (if it is a named account) or the username and password has been provided to the Unit (if it is a generic University Account). In the case of a generic University account, the password must be changed.

In the case of Cloud solutions being used by an exiting employee for the delivery of University services, it is the Unit Head or Designate’ s responsibility to terminate any access.