Skip to main content Skip to main menu Skip to footer

Employee offboarding

Employee offboarding

Decrease Text Size Increase Text Size

Page Article

Create an Employee Offboarding Process

An offboarding process should include IT and security personnel from the very beginning. Their role in the offboarding process should begin as soon as notice is given or as plans are in place to terminate an employee. IT and security should work together to create a checklist of their offboarding responsibilities, which should include the following:
  • Create an inventory of the employee’s digital life in the company. There should be a record of every company device in the employee’s possession, accounts they have access to, and any admin permissions and responsibilities. The more that is known about the employee’s digital footprint, the easier it will be to delete it.
  • Set deadlines. Working with the employee’s manager, IT can set up specific times to delete access to accounts or have devices returned. At this point, the employee should only be able to access the data they are currently using to finish up projects. Also, begin to revoke software licenses for the outgoing user.
  • Audit what users do. Security should keep watch over network activity to ensure the employee isn’t downloading a high volume of files or moving them to personal clouds.
  • Deploy a data management solution that can easily silo employee data that must be retained.
  • Delete the employee’s access before they leave the building for the last time. Whether it is during the exit interview or the goodbye party, access to email, software, cloud services, apps, and other digital properties should be removed.
  • Create a thorough list of digital devices to make sure everything has been recovered.
  • Shut access to any apps on personal devices.
  • Change passwords and set up forwarding for email and voicemail. 
  • Use a zero-trust model for security. Once the person leaves, security should consider a zero-trust model as part of the offboarding process. They should also assume that any attempt to log in is a potential threat which means an action is required. 

Related Topics


Page Footer has no content