<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

All Offboard! The 2023 Tech Staff Offboarding Checklist

Offboarding technical employees can be a complex and arduous process with a lot of moving parts. The key to successful offboarding is to have a clear understanding of what needs to be done, who does it, and how to monitor for any shenanigans from former employees.

That’s why we’ve pulled together the 2022 Tech Staff Offboarding Checklist. It outlines the steps you should take to make sure offboarding is done successfully.

BONUS: Below, we also breakdown how companies like MakeSpace, Hearst, and Fair use this process to improve security, protect sensitive data, and ensure a clean break with outgoing staff.

Why Do I Need an IT Offboarding Checklist?

“We are besieged by simple problems. ... Checklists can provide protection.”

― Atul Gawande,
The Checklist Manifesto: How to Get Things Right

Offboarding technical employees typically requires working with IT and HR to revoke access to multiple systems, recover equipment, and help former employees exit on good terms. A well-structured checklist will help you:

  • Protect your data.
  • Mitigate legal and security threats. 
  • Uphold compliance standards. 
  • Ease the transition for remaining staff. 
  • Part on good terms.

Most of all, a checklist will give you assurance that you have dealt with every requirement of employee offboarding. If you don’t deal with them all, the risk for problems down the line can increase.

Zombie Credentials and Bad Actor Threats

If your offboarding process doesn’t give you confidence that former staff no longer have access to your organization’s infrastructure, then chances are your environment is sprinkled with security gaps. That means former employees may still be able to delete files, misconfigure servers, alter data, or steal intellectual property. Not to mention that bad actors may discover forgotten keys, certificates, and “zombie credentials.” 

Removing access is especially important for IT and security staff. These users often have far-reaching rights to shared folders, user email accounts, and other critical information. Users with network-wide access can even make significant changes in the environment.

To act quickly, you must maintain an accurate IT inventory, including knowledge of who has access to what and where—keys, credentials, certificates, etc.—and take care to revoke access from all sensitive systems. That’s why you can’t rely on severed SSO or VPN access alone. To prevent security breaches, you need a systematic way to revoke employee access across the board and an audit trail to ensure that your process is thorough and effective.

Offboarding Checklist

Simplifying the Offboarding Process

Failure to follow a plan can lead to more than just mistakes, it can create a lot of administrative busywork. This can cause HR and IT to struggle to coordinate the who-what-where of technical staff termination. Effective offboarding of technical staff is a dance between HR, IT, and management.

In organizations with a well-coordinated offboarding strategy:

  • Teams establish a clearly defined process in advance.
  • HR supports DevOps by suspending SSO access. 
  • Engineers and technical staff delete sensitive infrastructure credentials.
  • Automation reduces workload while maintaining security.
  • A final audit ensures that infrastructure is secure.

This is where the checklist comes in.

Technical Staff Offboarding Steps

Use this checklist whenever a technical employee leaves the organization:

  1. Inform HR as soon as termination occurs.
  2. Revoke Identity provider (IdP) and single sign-on (SSO) access.
  3. Remove access to databases, servers, and Kubernetes.
  4. Suspend access to SaaS accounts.
  5. Terminate VPN and employee remote access.
  6. Reset shared passwords.
  7. Forward employee email.
  8. Update system ownership.
  9. Recover company devices and physical assets.
  10. Back up local files and delete suspended accounts, per company policy.
  11. Reassign employee vendor licenses based on role.
  12. Regularly review access logs to ensure nothing slips through.
  13. Conduct an exit interview. 
  14. Express thanks for the employee’s contributions, and part on good terms!

Make Offboarding Even Easier: Automate Offboarding with StrongDM

StrongDM can automate and consolidate your checklist into a simpler offboarding process. That means fewer errors, safer data, and happier employees in HR and DevOps. With StrongDM, you can:

  • Extend your SSO to centrally manage infrastructure access.

By extending your SSO to manage infrastructure access, you can consolidate the many steps involved in revoking access to servers, Kubernetes, and databases across all platforms. When offboarding technical employees with far-reaching access, this is a huge timesaver.

Fair.com, an automotive fintech company, uses StrongDM to simplify the offboarding process for technical staff that need access to databases, servers, and Kubernetes clusters. The company no longer distributes underlying keys or credentials to staff but relies on their SSO to authenticate to any database, server, or K8s cluster.

  • Revoke access to all infrastructure in one click.

MediaOS, which manages content for Hearst’s 21 magazines, including Elle, Cosmopolitan, and Esquire, uses StrongDM to replace a labor-intensive staff termination process. In fact, with StrongDM, MediaOS offboards IT staff in just 60 seconds.

  • Eliminate administrative busywork.

StrongDM reduces administrative overhead by replacing disparate actions, scripts, and stitched-together systems with a unified, automated tool.

MakeSpace used StrongDM to replace a dozen scripts with a single command when offboarding technical staff. Now, MakeSpace can enforce the principle of least privilege (PoLP) without burdening the engineering team with administrative busywork.

  • Minimize the risk of data exposure by enforcing PoLP.

Successful offboarding begins with thoughtful onboarding, which can be simplified by using role-based access control and the principle of least privilege.

MediaOS at Hearst, simplified both onboarding and offboarding using StrongDM. The DevOps team simply invites a new hire to the StrongDM platform and assigns a role. From there, the hire inherits all appropriate database permissions, and revoking these permissions is also just as easy.

  • Maintain an audit trail of who did what, when, and where.

A final step in the offboarding process is regular auditing. You need to know if you are missing or forgetting something that leaves your infrastructure vulnerable.

StrongDM provides an audit trail to everything employees, vendors, and service accounts access. That means you can offboard with confidence.

Get the Checklist. Then Start Automating.

Bad actors and disgruntled employees will always pose a threat to data security. However, simplifying and auditing your termination process will help you mitigate risk and ease administrative burdens, making IT offboarding easy, fast, and painless.

Getting started is as easy as downloading the technical staff offboarding checklist.

How about an onboarding checklist? We have that as well! Find the onboarding checklist here.

Want to simplify offboarding even more? Book a demo of StrongDM.

To learn more about how StrongDM helps companies with offboarding, make sure to check out our Offboarding Use Case.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

PAM Pricing Simplified: Your Cost and ROI Explained
PAM Pricing Simplified: Your Cost and ROI Explained
The cost of a privileged access management (PAM) solution goes beyond the licensing fees. While it’s tempting to look only at the initial costs, evaluating privileged access management pricing includes examining other factors to determine whether the solution will provide a real Return on Investment (ROI) or cause more problems than it solves.
Privilege Elevation and Delegation Management (PEDM) Explained
Privilege Elevation and Delegation Management (PEDM) Explained
In this article, we’ll explore Privileged Elevation and Delegation Management (PEDM). You’ll learn how PEDM works and how it mitigates the risks associated with poorly managed privileged accounts. By the end of this article, you’ll understand why PEDM is an important security strategy and how businesses can use PEDM to manage privileged access and prevent cyberattacks.
Zero Standing Privileges (ZSP): Everything You Need to Know
What Are Zero Standing Privileges (ZSP)? (And How They Work)
Securing sensitive company data starts with limiting who can access that data, and adopting a zero standing privileges security approach is a great way to control access. In this article, we’ll discuss what zero standing privileges (ZSP) are, how standing privileges are created, and how just-in-time access makes a ZSP model feasible. We’ll explore the risks that accompany standing privileges, the benefits of a zero standing privilege philosophy, and best practices to follow when adopting a ZSP model. By the end of this article, you’ll be ready to incorporate a zero standing privilege philosophy into your security strategy.
Cloud Data Protection: Challenges, Best Practices and More
Cloud Data Protection: Challenges, Best Practices and More
Cloud data protection is an increasingly popular element in an organization’s security strategy. In this article, we’ll explore what cloud data protection is, why it’s important, and the best practices to follow when migrating to the cloud. By the end of this article, you’ll understand the benefits and challenges of adopting a data security strategy for cloud environments.
StrongDM + Cloud Secrets Management = Your New PAM
StrongDM + Cloud Secrets Management = Your New PAM
StrongDM integrates with your favorite cloud secrets manager to provide an end-to-end version of remote access for more than just privileged accounts.