At work, staff come and go. And much must be done when a staff member leaves, such as ending health benefits and ensuring equipment gets returned. Some entities even have checklists to make sure all the offboarding steps are completed, which is a great practice! Even if you don’t have a checklist, you probably wouldn’t forget to take them off your payroll — but would you remember to shut down all of their system access? Employees could have access to many different systems to do their job. Some of those systems might be more risky than others, such as those that contain or access confidential information.
If user access for a former employee does not get removed, that access could be exploited for undesirable purposes by a disgruntled employee, other staff, or even a hacker.
It’s important to have a good process in place so that all access gets removed promptly upon employee separation. Often, these offboarding processes involve several departments and functions working together. Make sure to keep your IT department (or whoever is responsible for removing system access) among those departments in the loop, too. And remember, employees might have access to multiple systems.
Even with a good process in place, we highly recommend that you periodically review system access reports just in case a former employee’s access slips through. This might require combining efforts between HR and IT to compare notes regarding active and separated employees and who is granted system access.
Several examples of offboarding checklists can be found online. Here is one possible source:
- University of Washington: https://hr.uw.edu/ops/ending-employment/