Access to Asset Past Termination

The subject accesses a corporate hardware asset, most commonly a laptop or corporate mobile device, after their employment has formally ended. This typically occurs due to gaps in deprovisioning, delayed hardware recovery, or the subject physically retaining the device despite offboarding procedures. Post-termination access may be opportunistic or intentional, and may precede or coincide with data exfiltration, sabotage, or unauthorized continuation of internal access.

This sub-section is relevant in cases where the hardware asset is no longer linked to an active identity in HR systems but remains technically functional and capable of network, VPN, or service access. Such access undermines the assumption that termination alone revokes operational capability and may point to procedural drift in IT, HR, or facilities handover workflows.