Drata

An Off-boarding Checklist will be specific to your company. However, the main items an auditor will look for is documentation or a ticket that shows:

The individual’s system access was disabled/removed within the SLA defined in the System Access Control Policy.

1. For complex IT environments, prioritize systems that can be accessed from the Internet or Public Networks. 
2. Refer to your User Access Matrix or Access Review documentation to determine the systems that the individual had access to.

IT equipment and access cards were returned.

1. The individual’s system access was disabled/removed within the SLA defined in the System Access Control Policy.
 1. For complex IT environments, prioritize systems that can be accessed from the Internet or Public Networks. 
 2. Refer to your User Access Matrix or Access Review documentation to determine the systems that the individual had access to.
2. IT equipment and access cards were returned.

Some other best practices to consider are:

Reminding the employee of any confidentiality obligations that continue past termination.

Set up an email forward to the individual’s manager or other leader.

Setup a process to ensure that the individual’s computer is securely erased prior to being repurposed within the org or recycled/trashed.

Rotate passwords known to the employee (this is more for involuntary terminations and employees with privileged system access).

- Reminding the employee of any confidentiality obligations that continue past termination.
- Set up an email forward to the individual’s manager or other leader.
- Setup a process to ensure that the individual’s computer is securely erased prior to being repurposed within the org or recycled/trashed.
- Rotate passwords known to the employee (this is more for involuntary terminations and employees with privileged system access).
- Conduct an Exit Interview.