Platform
NordPass
Applies To: HCI Organization Admins & Owners
Authority Level Required: Owner (Primary Control Recommended)
Purpose
This procedure outlines how to:
Transfer vault items from a deleted member
Permanently delete vault items
Maintain compliance with internal security and data governance policies
Section 1 – Transferring Items to a New Owner
⚠️ Only Organization Owners can transfer deleted members' items.
Steps:
Log in to the NordPass Admin Panel as Owner.
Click “Members” (left sidebar).
Select the “Deleted” tab.
Locate the deleted member.
Click the three-dots menu next to their email.
Select “Transfer.”
Choose the new owner from the list.
Click Transfer to confirm.
What Happens After Transfer:
A folder named:
“Transferred, [Date]”
is created in the new owner’s vault.All transferred items are stored inside that folder.
Shared folders transfer ownership automatically.
The new owner receives a vault notification.
Items previously in Trash will appear in the new owner’s Trash.
Section 2 – Deleting Items of a Deleted Member
⚠️ Only Organization Owners can permanently delete items.
Steps:
Log in to the NordPass Admin Panel.
Click “Members.”
Select the “Deleted” tab.
Locate the member.
Click the three-dots menu.
Select “Delete items.”
Click Delete to confirm.
🚨 This action is irreversible.
Important Governance Notes
Visibility Limitations
Owners cannot view individual items of deleted members.
Owners cannot select specific items to transfer or delete.
Actions apply to the entire vault.
2000 Item Limitation
If the deleted user had more than 2000 items, transfer will not be available.
Automatic Deletion Policy
If no action is taken, items are automatically deleted after 180 days.
After 180 days, recovery is impossible.
Shared Item Behavior
If an item was shared:
Other users retain access.
Ownership is reassigned to the new owner.
Even empty shared folders will transfer (item count may display 0).
HCI Internal Control Recommendation
When an employee exits:
Disable NordPass access immediately.
Within 7 days:
Transfer or delete vault items.
Document action taken in:
Offboarding checklist
IT asset log
Security audit record
Risk & Compliance Considerations (Nonprofit Context)
This process protects:
Donor system credentials
Payment gateway logins
Banking access
PCI-sensitive systems
Cloud admin accounts
Failure to transfer or delete could result in:
Credential orphaning
Unauthorized shared access
Compliance exposure
Good to consider:
A Cybersecurity Governance Controls Matrix for HCI