When an employee leaves, especially after a difficult termination, property security needs to be handled quickly and calmly. The risk is not always malicious. Keys may be forgotten in a drawer, fobs may remain active, alarm codes may be shared, and access permissions may be wider than anyone realised. A clear process protects the business, the remaining staff and the former employee from uncertainty.
The best approach combines HR procedure, access control, lock management and record-keeping. Professional commercial locksmiths at LocksmithLocal recommend that you should not wait until after a problem to discover who had keys to the stockroom, server cupboard, vehicle yard or rear fire exit.
Start with an access inventory
List every way the employee could access the business: physical keys, master keys, fobs, cards, keypad codes, alarm codes, safe codes, vehicle keys, shutter keys, cabinet keys, gate remotes, app-based credentials and shared passwords. Include informal access such as a spare key kept with a supervisor or a code known by a whole team.
Many businesses focus only on the front door. In practice, the risk may be a back entrance, stockroom, cash office, tool store, warehouse shutter or shared building entrance.
Recover physical keys immediately
Collect keys during the termination process where appropriate. Check them against a key register. If you do not have a register, create one from this point onward. Ask managers what keys were issued informally. Do not rely on memory if the person held a senior or facilities role.
Returned keys do not always mean security is intact. Standard keys can be copied. If the employee held keys to sensitive areas, if the departure was hostile, if keys were missing at any point or if the keys are standard profiles, rekeying or lock replacement may still be sensible.
Disable electronic credentials
Fobs, cards and mobile credentials should be disabled at the agreed leaving time, not days later. Remove the user from access control systems, alarm apps, intercom apps, smart locks, visitor systems and any building management platforms. If shared PIN codes were used, change them immediately.
This is where electronic access control is valuable. Removing one fob is easier than changing a lock. However, it only works if each person has their own credential. Shared codes and shared fobs weaken accountability.
Review master keys and high-level access
If the employee held a master key, the risk is wider than one door. A master key can open many areas. If it is not returned, or if it may have been copied, you may need to rekey affected cylinders. The scope depends on the master key hierarchy and key control system.
This is why restricted key systems and careful master key design matter. If too many doors sit under one key, one termination can become an expensive security event. If access levels are well designed, the affected area may be smaller.
Change codes that people share
Shared keypad codes, alarm codes, safe codes and gate codes should change when someone leaves if they knew them. Better still, replace shared codes with individual user codes wherever the system allows. Individual codes can be deleted without disrupting everyone.
Do not write new codes on noticeboards or send them in unsecured group chats. Treat them like keys. Record who receives them and when.
Secure sensitive zones first
Prioritise areas containing cash, stock, tools, personal data, server equipment, medicines, controlled goods, vehicles and confidential documents. A former employee with general office access is one risk. A former employee with access to high-value stock or customer data is another.
If you cannot secure everything immediately, secure the highest-risk zones first and arrange a wider review. Temporary measures may include rekeying a stockroom, disabling a fob, changing alarm codes and moving high-value items overnight.
Do not forget vehicles and mobile assets
Company vehicles, vans, fuel cards, parking fobs, garage keys and yard gate remotes often sit outside the main access control process. Recover vehicle keys and delete driver app access if relevant. If a vehicle key is missing, consider whether the vehicle needs rekeying, immobiliser key deletion or secure parking until resolved.
Tools and laptops should also be checked. Physical building security and asset security overlap.
Coordinate with landlords or managing agents
If the business is in a shared building, some access may be controlled by the landlord or managing agent. Communal entrance fobs, car park access, lift passes and shared alarm zones may need updating. Notify the responsible party promptly and keep a record of the request.
For multi-tenant premises, make sure your changes do not compromise fire exits or shared escape routes. Locking a rear door to solve one problem can create a bigger safety issue.
Use a termination security checklist
A practical checklist includes:
- Recover keys, fobs, cards, remotes and vehicle keys.
- Disable access control credentials.
- Change shared PINs and alarm codes.
- Review master key exposure.
- Rekey sensitive doors if key control is uncertain.
- Remove app and smart-lock access.
- Update safe, cabinet and shutter access.
- Notify landlord or managing agent for shared access.
- Record actions taken and who authorised them.
- Review whether access levels were too broad.
This checklist should be part of the offboarding process, not an afterthought.
Rekey, replace or rely on returned keys?
If the departure is routine, the keys are restricted, access was limited and everything is returned, you may not need lock changes. If the departure is contentious, keys are missing, keys were standard and easily copied, or the person held high-level access, rekeying is often prudent.
Rekeying changes which keys operate the locks while retaining suitable hardware. Replacement may be better if locks are worn, low-grade or due an upgrade. Access control credentials should be deleted regardless.
Document the decision
Record what was recovered, what was changed, what was not changed and why. This helps with insurance, disputes and future audits. If an incident occurs later, you want to show that the business took reasonable steps.
Documentation also helps reveal patterns. If every termination requires emergency code changes because everyone shares one PIN, the system needs improvement.
The practical answer
After an employee termination, secure access quickly, proportionately and in writing. Recover keys, disable credentials, change shared codes and rekey where key control is uncertain. The higher the access level and the more sensitive the area, the faster you should act.
Email your news TIPS to Editor@Kahawatungu.com — this is our only official communication channel
