Annex A 5.11 ISO/IEC 27001:2022

Return of Organisation's Assets upon Departure

Ensure that employees and external parties return all company assets when their job or contract ends.

Plain language

When someone leaves the company or ends their contract, they need to give back everything that belongs to the company, like laptops and keys. This is important because if people keep company stuff, they might accidentally or intentionally lose critical information or misuse assets, which can cause serious harm to the business.

Framework: ISO/IEC 27001:2022

Control effect: Preventative

ISO 27001 domain: Organisational controls

Classifications: N/A

Official last update: 24 Oct 2022

Control Stack last updated: 18 May 2026

Maturity levels: N/A

Official control statement

Personnel and other interested parties as appropriate shall return all the organisation's assets in their possession upon change or termination of their employment, contract or agreement.
ISO/IEC 27001:2022 Annex A 5.11

Why it matters

Without a structured asset return process, ex-employees may retain access, risking data breaches or misuse of organisational resources.

Operational notes

Embed asset return and access revocation in HR/IT/facilities offboarding checklists; confirm return of devices, badges, keys and tokens before exit.

Implementation tips

  • The HR manager should ensure that the departure process includes steps for returning all company assets. This can be done by creating a checklist for employees to follow when they leave, which includes items like laptops, door keys, and documents.
  • IT managers need to track all electronic assets given to employees, such as computers and phones. They can use an asset management system that logs devices to specific employees, making it easier to know what needs to be returned.
  • Office managers should manage the return of physical assets like office keys and security cards as part of the exit procedure. They should document who has which items and schedule a time when the departing employee can return them.
  • Security personnel should monitor data access during an employee's notice period to prevent unauthorized copying of sensitive information. Implementing monitoring tools can help detect and block any unusual data access.
  • Senior management should ensure knowledge from departing employees is documented and transferred. This involves arranging exit interviews where the employee can pass on crucial information about their role and projects to remaining team members.

Audit / evidence tips

  • Ask: The exit procedure documentation
  • Good: System will show clear records of what assets each person had and their return status
  • Ask: Records of exit interviews or similar knowledge transfer sessions. Review how often these are conducted and what information is typically gathered. A well-documented process will demonstrate consistent collection and transfer of crucial knowledge

Cross-framework mappings

How Annex A 5.11 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ASD ISM

Partially overlaps (1)

  • ISM-0430: Annex A 5.11 requires that, when personnel or other interested parties leave or change roles, they return all organisational assets in th...

Supports (1)

  • ISM-0407: Annex A 5.11 requires that personnel and other interested parties return all organisation assets in their possession when their employmen...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
