Documentation
Support
Home
Procedures & Controls

Leaver / Off-boarding Checklist

Edited

Process Checklist

Off-boarding/Leavers

When an employee leaves the company, you'll need to remove them from all information technology assets. Before doing so, you should block them from accessing company files, preserve the documents they created, and perform several other admin tasks associated with removing a user.  Both Microsoft 365 and Google require you to maintain licensing on accounts until account deletion. 

Process Overview:

  1. When was the last time you reviewed your offboarding checklist?   _________________?

  2. How would you characterize this request and effort required?

    • Offboarding

      • Disable a user (30 min)

      • Disable a user with data migration? (60 min)

      • Disable a user and enable another user to access resources? (2 hours)

    • Succession:

      • Transition job roles from one user to another?   (4+ hours)

      • What date is the new person taking over?  ______________?

  3. What is your most important (pick 1) objective:

    • Secure the account.

    • Account takeover.

    • Forensics/Evidence/Crime.

  4. Review: asset inventory by visiting https://www.bentosecurity.com/login and logging into your respective portal.

  5. Collect Off-boarding information.   Our security team needs the following items from you:

    • Departure Type

      • Standard (no special requirements). 

        1. We will collect some evidence. 

        2. This option allows us to delete data.

      • Priority (short notice or medium/high risk).  

        1. We will collect and review evidence.

        2. This option automatically requires us to preserve data.

        3. You will be charged against your incident retainer. 

    • Account Change:

      • Sign-out and Block Sign-In (Disable account) (Secure)

      • Change password (Not Secure)

      • Rename the account (Never advised)

    • Last Day / Termination Date is ______________________.

    • E-Mail forwarding requirements.

      • Forward E-Mail to ____________________.

      • Don’t forward. 

    • Do you need a message sent to external senders indicating the change?

      • No, nothing to do. 

      • Yes (setup reply rule - only available for M365/Exchange Online)

    • Mobile Devices

      • Do nothing

      • Audit and Review Risk

      • Attempt to Wipe

    • Personal data or document retention requirements. 

      • Delete immediately

      • Keep data for now

      • Migrate data to another user

      • Grant access to another user 

    • Third-party app risks

      • Review OATH and API access

      • Skip 

    • Mailbox retention requirements. 

      • Delete immediately

      • Keep data for now (you will notify when ready to remove)

      • Grant access to another user 

      • Migrate data to another user

    • Hardware retention requirements.

      • Repurpose

      • Preserve/Retain/Hold

      • Retire

    • Workstation identifier/serial is ____________________?

    • Workstation immediate steps are to:

      • Lockout 

      • Change Password

      • Reassign to another user.

      • Do nothing.

  1. Task List for Access Control?

    • What other services will you need to disable?  

      • Have you verified all mission-critical system procedures and taken action?

      • Have you verified all other system procedures and taken action?

    • What other things are you planning to do with this departure?

      • ___________________

      • ___________________

      • ___________________

      • ___________________

      • ___________________

  2. Submit the request to your Security Operations Team via established process or e-mail to support@bentosecurity.com.

    • Requests need at least 2 business days to be considered Standard

    • Requests with less than 2 business day notice are considered Priority.

    • Succession process requires a block of time booked for the transition. 

    • Be sure to schedule time with our team if you want handling beyond Best Effort.