An employee’s first day. There’s excitement, a new desk, and a flood of access needs: email, software, drives, and systems. Their last day? It’s often a scramble to recover hardware and guess which accounts they had.
This manual process is more than an administrative headache. It is a glaring security vulnerability. Accounts that stay active after an employee leaves (often called “orphaned accounts”) are a prime attack vector. Conversely, new employees without proper tools are unproductive.
The solution is a standardized, automated checklist. It brings consistency, security, and speed to one of your most critical IT processes.
The High Cost of the Manual Method
- Security Gaps: Forgotten accounts in SaaS tools (like Slack, Salesforce, or QuickBooks) become open doors.
- Compliance Risk: Inability to prove who had access to what, violating regulations like GDPR or HIPAA.
- Productivity Loss: New hires wait for access, and IT spends days on repetitive manual tasks.
- Data Loss: Failure to securely archive or transfer business data from a departing employee’s accounts.
Building Your Automated Checklist: A Template to Adapt
A digital checklist, managed in a tool like Microsoft Lists, Planner, or a dedicated IT service management (ITSM) platform, ensures nothing is missed. Here is a framework to build yours.
Employee Onboarding Checklist
Trigger: Signed offer letter received by HR/Manager.
- IT Ticket Created Automatically.
- Identity & Core Access:
  - Create Microsoft 365/Email account, assign license.
  - Add to appropriate security groups (e.g., "Sales Team," "Marketing").
  - Enroll in Multi-Factor Authentication (MFA).
  - Set up required VPN and network folder access.
- Equipment:
  - Provision laptop/desktop with standard security image.
  - Configure mobile device management (MDM) if company phone issued.
  - Ship or prepare equipment for Day One.
- Applications:
  - Provision access to line-of-business software (CRM, ERP, design tools).
  - Add to communication channels (Microsoft Teams, company Slack).
- Security & Compliance:
  - Assign mandatory cybersecurity training course.
  - Document all access granted in a central log.
Employee Offboarding Checklist
Trigger: HR notification of resignation/termination.
- IT Ticket Created Automatically.
- Immediate Actions (Day of Notification):
  - Disable user’s ability to sign in (Reset password, disable account).
  - Remove from all multi-factor authentication methods.
  - Block email forwarding rules.
- Access Revocation:
  - Remove from all distribution lists and security groups.
  - Revoke access to all cloud applications (via an integrated Single Sign-On portal).
  - Change shared passwords they may have known.
- Data Management:
  - Secure company data on local device (via MDM).
  - Set email auto-reply and delegate mailbox access if needed.
  - Archive critical business data from their accounts.
- Equipment Recovery:
  - Initiate return of all company assets (laptop, phone, access cards).
  - Remotely wipe mobile devices if not returned.
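The audit below is an added example, not part of the original article or any vendor's tooling: it reconciles an HR departure feed against the central access log called for in the onboarding checklist and flags grants that were never revoked or were revoked after the employee's last day. The CSV column names, the function names, and every sample row are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample: HR departure feed (column names are assumptions).
HR_DEPARTURES = """employee_id,last_day
E100,2024-03-01
E101,2024-03-15
"""

# Constructed sample: central access log; an empty 'revoked' means still active.
ACCESS_LOG = """employee_id,system,granted,revoked
E100,Microsoft 365,2022-01-10,2024-03-01
E100,Slack,2022-01-10,
E100,Salesforce,2022-02-01,2024-03-04
E101,Microsoft 365,2023-05-02,2024-03-15
E102,QuickBooks,2021-07-19,
"""


def load(text):
    """Parse CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def find_orphaned(departures, grants, today):
    """Return (employee, system, status, days) for access that outlived employment."""
    last_day = {r["employee_id"]: date.fromisoformat(r["last_day"]) for r in departures}
    findings = []
    for g in grants:
        left = last_day.get(g["employee_id"])
        if left is None or left > today:
            continue  # still employed, or departure is in the future
        revoked = date.fromisoformat(g["revoked"]) if g["revoked"] else None
        if revoked is None:
            # Orphaned account: no revocation recorded at all.
            findings.append((g["employee_id"], g["system"], "STILL_ACTIVE", (today - left).days))
        elif revoked > left:
            # Closed eventually, but the account was exposed in between.
            findings.append((g["employee_id"], g["system"], "REVOKED_LATE", (revoked - left).days))
    # Longest exposure first so the worst gaps are handled first.
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    for emp, system, status, days in find_orphaned(
            load(HR_DEPARTURES), load(ACCESS_LOG), date(2024, 3, 20)):
        print(f"{emp} {system}: {status} ({days} days past last day)")
```

Run on a schedule against real exports, the same comparison also produces the evidence of who had access to what that the compliance item above asks for.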
The Bespoke Technology Group Angle: Process as a Security Tool
For us, security isn’t just about firewalls. It’s about creating reliable, repeatable processes that eliminate human error. We help clients implement and automate these critical IT administration workflows, often integrating their HR platform with IT systems to trigger these checklists automatically.
This ensures compliance, closes security holes the moment an employee leaves, and gives new hires a seamless, professional first-day experience.
Tame the chaos of employee transitions.