User Termination Best Practices

Ensuring that each departing employee retains no access to your IT infrastructure is critical to protecting your systems and data — but there are more steps than you might think.

How to off-board an employee for good

• Disable the departing employee’s account in Active Directory immediately; after 30 days, remove it.
• Disable the user’s email login; forward email to the user’s manager for as long as needed.
• Terminate VPN and Remote Desktop access.
• Terminate access to remote web tools (web apps, Office 365, e-mail, etc.).
• Terminate access to voicemail. Forward phone and voicemail to the user’s manager, and delete them at the manager’s convenience.
• Disable access to business applications such as SAP.
• Change all shared account passwords that the departing user knows.
• Move the user’s personal share data and email archive to the manager’s account; delete them at the manager’s convenience.
• Reset the “FAX/SCAN to e-mail” setting on multi-function printers.
• Remove the user from email group lists, distribution lists, internal phone lists and websites.
• Connect to the user’s workstation and shut it down.
• Retrieve or disable all company-owned physical assets (computer, laptop, phones, tablet, etc.) assigned to the user, and update the IT inventory.
• Copy all needed local data from employee’s computer to manager’s one.
• Change any access codes the user knows, such as PINs for accessing secured rooms.
• Remove any personal belongings from the user’s work area.
• Inform company staff that the user is no longer employed there.