Guest post: Managing Employee Separations
This post comes from a talented colleague of mine, Jennelle Crothers. She does Systems Administration work in San Francisco. This information is so timely, I asked her if she’d mind if I shared it with my readers. Her blog can be found at techbunny.com
It happens at every workplace. Employees leave layoffs, retiring, or just moving on to new things. As a systems administrator, I wish that managers understood how deeply integrated a staff-person is with the computer systems they work on daily. It’s not always a simple process to undo someone’s existence. In fact, for every new hire you make in 2010, make a point to document all the access that is granted so that when they leave, we can follow it and remove the access.
Processing exiting employees without identity lifecycle tools can be tedious, but it’s often the way things are done in small and medium sized businesses. I realize that several days notice isn’t always possible, but I can hope. I’ll even take a few hours of notice. However, we’ve all gotten that call at ten minutes to 5:00pm letting us know that someone won’t be coming in the next day.
I have my list of basic things I’d like you to think about when it comes to seeing an employee off. Before beginning, it’s important to make sure the employee REALLY is leaving. It’s not unheard of to get several days of notice about a separation, complete account closure process, and then find out that the employee will be contracting from time to time and needs access when they are on-site.
• What time should their network account be disabled? Ideally this is before someone leaves for the day. Worst case is to set account expiration, as midnight often comes a long time after the employee has walked out with their final paycheck.
• Do they have remote access? If yes, I disable that ASAP. This way if the network account has to stay active for longer than I’d like at least they have to be physically in the office to log on.
• Email Forwarding: Is it needed? And if so, who should the mail be forwarded to? I like to turn that on as soon as possible so that any incoming emails (especially over a weekend) are not missed.
• Phone and Voicemail: Is any call forwarding needed? For the same reasons as email, I don’t want any voicemail messages missed or left unchecked for too long.
• Building Access: Has the access to office space been removed? Keys? Access codes?
Now those are just my get-things-under-control checklist. Then comes the rest of the things that need to be considered, but most managers really don’t know to mention them ahead of time.
• Email History: Will someone need a copy of their email box? Does the user have any old files that need to be located and preserved?
• Distribution Lists: Is the user on any email distribution lists?
• Work Files: Does the user have a home folder or area where they store work products? Do these files need to be preserved?
• Phone System: Is the user a destination for any phone tree options?
• Application Management: Is the user the sole owner/manager of other important enterprise products like databases? Those roles will need to be assigned to someone else. Are there any applications that regularly delegate specific tasks that would need to be reassigned to a co-worker?
• External Systems – Does the user have any accounts with third-party systems or external systems with other partners or clients where access would need to be removed separately?
• Locally Installed Applications or Hardware: Do they have some special applications or hardware installed on their workstations that need to be set up for another staff member?
Finally, there is usually a change control process that documents what was done to close the network account of the user so items weren’t overlooked. In a perfect world, the manager in question would have filled out the necessary forms ahead of time, but I’ll settle for some quick answers over email that I can file in our document management system. Every company will have it’s own list of tasks, but the premise is the same. Securing critical data and making sure that business can continue after the departure of an employee are important aspects for all employers’ plans.