Describes the roles and responsibilities of both the organization and a third party at the end of the relationship. As part of an exit plan, stakeholders will be consulted, data will be returned or destroyed, third-party access to networks, systems, and physical facilities will be de-provisioned, records will be retained, and equipment, assets, and intellectual property will be returned. It’s important that exit plans include timing for all required activities and contingency plans in case the third party is unable or unwilling to fulfill their responsibilities.