Proper procedures for any IT or security dismissal (or really, for anyone with access to sensitive/proprietary information) is escorting them from the building, disabling their access while they are being told that they're terminated. Any external access they have is revoked by the time the get to the front door; any shared accounts they know (like root, su or domain admin) have their external access suspended until the passwords can be changed. Collect their IDs, corporate cell phone, USB devices, etc. before they leave the premises; they can make an appointment to come back and get them after they've been inspected for any proprietary information. Don't let them go back to their desks and get anything - either send someone to get it for them, or tell them they can get it when they return for the other stuff.
This needs to be part of the process for ANY termination, even if the employee has been a model of behavior and is taking their change of status phenomenally well. People in stressful situations can behave erratically and unpredictably, and the organization must protect themselves against an unexpected reprisal. I've seen people throw away extremely generous separation packages in favor of revenge via venting on Facebook or sending abusive/threatening emails to the CEO. And I wondered what the hell was going through their heads, right up until I got downsized myself in the middle of the recession. I chose to accept, regroup and move on, but I now have a much better understanding of the stress something like that brings to bear.