Employee off-boarding: safeguard your business with process and procedure

Valkyrie Employee off-boarding safeguarding procedure
Valkyrie Employee off-boarding safeguarding procedure

Employee off-boarding can be mundane, yet it is critical to businesses and the IT team. Handling a disgruntled employee leaving a company requires additional care and attention. A proper offboarding process and procedure – executed diligently and efficiently – is vital in today’s technologically savvy world. That’s easier said than done, especially considering IT departments need more visibility and control over employees’ IT use.

10-15 years ago, employee off-boarding was a relatively simple process. Today, employees can quickly adopt new cloud and Software as a Service (SaaS) applications whenever/wherever they want, and the old IT offboarding playbook of “disable AD account, forward email, recover and wipe device, and call it a day” is no longer enough. That said, in our experience, companies often overlook these basics.

When somebody leaves an organisation, you must have a process that will allow you to notify the relevant people, and that is not just ‘telling someone in IT’. It’s also about informing the appropriate personnel in other departments, such as HR.

Everybody works differently, and with technology so easily accessible, you need to know the behaviours of the employees on how they work, how they access systems/data, and what they don’t need to access. On several occasions, Valkyrie has been requested to investigate; however, due to a lack of procedure, awareness and communication, the IT team have deleted the online accounts rather than restricting access and repurposed the laptop by wiping the device. This is problematic and far from ideal when an investigation is required.

Here are some of the steps to consider:

  1. Have a thorough employee off-boarding process/procedure in place and practice scenarios regularly.
  2. Notify everyone involved, including IT, HR, business heads and the employee’s team
  3. Disable access and accounts.
  4. Review the employment agreement, check the notice period and non-compete/confidentiality agreements, return company property, and conduct an exit interview if possible.
  5. Don’t delete preserve – this allows time to decide whether the data needs forensically preserving at a later date if an investigation is required.
  6. Understand how the leaver accessed data – what and where they used it. Have you restricted everything you can?
  7. Consider legal compliance, maintain confidentiality, and professionally manage the employee transition.

By following these best practices and procedures, employers can maintain professionalism and minimise disruptions when employees leave the company, contributing to a positive work environment and maintaining the company’s reputation. If in doubt, call Valkyrie to discuss; we are happy to advise.

Valkyrie Updates


Stay informed with the latest insights, expertise and innovations in the world of security with Valkyrie’s news, reports and white papers