An individual’s private key serves as an individual’s signature. Therefore, when leaving an organization, individuals should not return their private keys and/or passwords to anyone. If they do, then another individual may unlawfully use it to digitally sign work under their identity.
Users should destroy their private keys. The Laboratory Administrator should then use the GLP Configuration Utility to deactivate the signing permissions of this user from the time they left onwards. However, the Laboratory Administrator should NEVER delete this individual’s public key from the GLP Server. The public key is still required to validate all GLP compliant work that was previously performed by that individual.