writes "I've worked in the IT industry for 8 years and for whatever reason I've never had to deal with a disgruntled employee that either quits or is terminated. It just happened last week. This employee was a VP, so they had access to a lot of company data (client information, financials, etc). Now, I like to think of myself as paranoid when it comes to keeping records of everything that goes on since I still have access log files from 2003, but I'm wondering what exact procedures other SysAdmins take when dealing with this. It's a small company (10 client nodes, 2 servers) so there's no real policy in place to go by. So far, I've disabled the account on the LDAP, disabled the employee's website credentials, archived all of the access logs to an encrypted flash drive, and cloned their old PC to an offsite backup machine. Being a responsible admin, I need to ask...is there anything I'm overlooking? This employee was pretty pissed off..."