Yes, but do you really want to go through the password recovery process on a device that someone else has been managing with free reign? What if the configuration wasn't written to the device, you reboot it, and then you're facing a pristine new configuration? Congratulations, you now get to start rebuilding a network by hand with no real idea how it's setup. On top of that the guy who built it is sitting in jail and _really_ doesn't want to help you. You may be locked out, but at least the network still functions.
That may be, but there are some times when rules don't allow someone with a record to hold a privileged position. I've seen a few cases where people couldn't be allowed to do a certain job because of past actions. They were 20+ years earlier and, IMHO, rather minor. Regardless, sometime it's just not allowed.
Thanks, that's an interesting way to make a comparison. I just checked for my 15 mile commute to work, which takes 20-30 minutes. If I took public transportation it would take about 2 hours and 20 minutes. Yeah, that's much more efficient.
There are a number of issues to be resolved before worrying about how to get the data transferred. Has the consultant and/or their firm verified their security and controls to your firm's satisfaction with something like a SAS 70? Are there legal agreements in place concerning the proper controls of this data, the explanations or responsibilities in case of a disclosure, etc.? Has the idea been proposed to create bogus data for testing so that live data isn't used? Can the application be loaded on-site, so that a machine outside of your firm's control will not contain highly-sensitive employee data?
I'd ask a lot of questions like these and get answers to my satisfaction before I sent out any data. I would greatly prefer to have to explain to my management why I'm "holding up the train" than have to explain to my coworkers why I was involved in the disclosure of their personal information and mine.