Skip to main content
Skip table of contents

Access Onboarding and Termination

2025.1

Reviewed: 9/20/2024
Updated: 9/20/2024

Purpose and Scope:

  1. The purpose of this policy is to define procedures to onboard and offboard users to technical infrastructure in a manner that minimizes the risk of information loss or exposure.
  2. This policy applies to all technical infrastructure within the organization.
  3. This policy applies to all full-time and part-time employees and contractors.

Background:

  1. In order to minimize the risk of information loss or exposure (from both inside and outside the organization), the organization is reliant on the principle of least privilege. Account creation and permission levels are restricted to only the resources absolutely needed to perform each person's job duties. When a user's role within the organization changes, those accounts and permission levels are changed/revoked to fit the new role and disabled when the user leaves the organization altogether.

Controls and Procedures

During onboarding:

  1. Hiring Manager informs HR upon hire of a new employee.
  2. HR submits a help desk ticket to IT to inform them of a new hire and their role.
  3. Following predefined departmental profiles, IT creates accounts and assigns appropriate permission levels needed for that role.
  4. For resources outside of the ownership of IT, the owner of each resource will review and approve account creation and the associated permissions.
  5. IT works with the owner of each resource to set up the user. Together, IT and the resource owner will provide the appropriate security and use training for the application and role.

During offboarding:

  1. Hiring Manager notifies HR when an employee's employment is ending.
  2. HR promptly notifies IT, via ticket, with the effective date and time of the end of employment.
  3. IT terminates access to email and customer facing services immediately, and will continue to remove access to other lower priority accounts throughout the business day.

When an employee changes roles within the organization:

  1. Hiring Manager will inform HR of a change in role.
  2. HR and IT will follow the same steps as outlined in the onboarding and offboarding procedures, especially providing the appropriate security for the new role and new access that is granted with the role.

Review of accounts and permissions:

  1. Quarterly, IT and HR will review accounts and permission levels for accuracy.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.