IT Offboarding Checklist


Employee Name:

IT Ticket Number:

Last Access Date:

IT Coordinator:

Account & Access Deactivation

Disable Active Directory and single sign-on accounts

Deactivate the employee's Active Directory account and any federated SSO credentials on the scheduled date. Move the account to the disabled users OU and set it for automated deletion per retention policy.

Revoke access to all cloud platforms and SaaS applications

Disable the employee's access to all cloud services including Google Workspace, Microsoft 365, Salesforce, Slack, Jira, and any other SaaS platforms. Transfer ownership of shared resources before deactivation.

Remove VPN access and remote connectivity permissions

Delete the employee's VPN profile, revoke any remote desktop access, and remove their device certificates. Ensure all remote access tokens and saved sessions are invalidated immediately.

Deactivate multi-factor authentication tokens and devices

Remove the employee's registered MFA devices, hardware tokens, and authenticator app enrollments from the identity management system. Recover any physical security keys issued to the employee.

Revoke database access and administrative privileges

Remove the employee's access to all databases, data warehouses, and analytics platforms. Pay special attention to any elevated privileges or admin access that could pose a security risk if left active.

Disable email account and configure auto-reply or forwarding

Deactivate the employee's email account and set up an auto-reply directing senders to an appropriate alternate contact. Configure email forwarding to the employee's manager for a defined transition period.

Hardware & Device Recovery

Collect laptop and verify asset tag and condition

Retrieve the employee's company laptop, verify the asset tag matches inventory records, inspect for physical damage, and log the return in the IT asset management system with condition notes.

Recover all peripheral devices and docking stations

Collect monitors, docking stations, keyboards, mice, webcams, headsets, and any other peripherals assigned to the employee. Cross-reference against the equipment issuance record to ensure nothing is missing.

Retrieve company-issued mobile devices and SIM cards

Collect company phones, tablets, and SIM cards. Perform a remote wipe if the device was used for corporate email or data access, and verify the wipe completed successfully before reassigning the device.

Collect any portable storage devices and security hardware

Recover USB drives, external hard drives, hardware security keys, and any portable storage media issued to the employee. Scan for and securely erase any company data stored on these devices.

Update IT asset inventory with returned equipment status

Log all returned hardware in the IT asset management system, updating the status of each item to available, needs repair, or retire. Reconcile the employee's complete equipment record and close any outstanding items.

Data Management & Backup

Back up employee's email mailbox and calendar data

Create a complete backup of the employee's email account including all folders, sent items, drafts, and calendar entries. Store the backup according to the company's data retention policy and legal hold requirements.

Archive and transfer ownership of cloud-stored files

Identify all files, folders, and documents owned by the employee in cloud storage platforms. Transfer ownership to the designated successor or manager, and archive any files that are no longer actively needed.

Securely wipe personal data from returned company devices

Perform a certified data wipe on all returned devices, removing both company and personal data. Use approved data destruction methods that comply with the company's information security policy.

Review and transfer shared drive access and permissions

Audit all shared drives, SharePoint sites, and collaboration spaces where the employee had owner or admin access. Transfer those permissions to appropriate team members to maintain continuity of access.

Ensure compliance with any legal hold or retention requirements

Check with legal to determine if any of the employee's data is subject to litigation hold or regulatory retention requirements. Preserve all relevant data in accordance with legal counsel's instructions.

Security & Compliance Verification

Review audit logs for any unusual recent activity

Examine the employee's recent system access logs, file download history, email activity, and login patterns for any anomalous behavior such as mass data downloads, unauthorized access, or after-hours activity.

Verify removal from all security groups and distribution lists

Audit Active Directory, email distribution lists, Slack channels, Teams groups, and any other group memberships to ensure the employee has been removed from all internal communication and access groups.

Confirm third-party vendor portal access has been revoked

Contact or check all external vendor portals, partner systems, and third-party platforms where the employee had authorized access on behalf of the company, and ensure those accounts are deactivated.

Run final access audit to verify complete deprovisioning

Execute a comprehensive access review across all systems using the identity governance platform to confirm that no active access remains for the departed employee. Document the audit results for compliance records.

Close the IT offboarding ticket with completion documentation

Update the offboarding ticket with a complete record of all actions taken, devices recovered, accounts disabled, and any outstanding items. Close the ticket and notify HR that IT offboarding is complete.

What Is an IT Offboarding Checklist?

An IT offboarding checklist is a security-focused guide that ensures all technology access, accounts, devices, and data associated with a departing employee are properly revoked, recovered, and secured. It covers the systematic deprovisioning of system access, collection of hardware and software assets, data backup and transfer, and security audit procedures. This checklist is critical for protecting organizational data, intellectual property, and cybersecurity posture during employee transitions.

Why IT and Security Teams Need This Checklist

Departing employees who retain access to organizational systems, data, or cloud accounts represent a significant cybersecurity risk, whether any resulting misuse is intentional or accidental. This checklist ensures that every access point is identified and revoked, every device is returned and wiped, and every piece of organizational data is secured on or before the employee's last day. It reduces the risk of data breaches, intellectual property theft, and unauthorized access post-departure.

Key Areas Covered in This Checklist

This checklist covers user account deactivation across all systems including email, VPN, cloud services, and SaaS applications. It addresses hardware recovery for laptops, phones, and peripherals, software license reassignment, data backup and migration, shared account password changes, access badge deactivation, and mobile device management wipe procedures. Security audit verification and compliance documentation are also included.

How to Use This Free IT Offboarding Checklist

Coordinate with HR to receive advance notice of employee departures and begin the IT offboarding process immediately, scheduling access revocations for the employee's last day or the termination meeting. Use the Brief/Detailed toggle to access a quick deprovisioning task list or a comprehensive security offboarding guide with system-specific instructions. Download and customize to include your organization's specific systems, tools, and security protocols.

Frequently Asked Questions

What is an IT offboarding checklist?

An IT offboarding checklist is a systematic guide for revoking all technology access, recovering devices, and securing organizational data when an employee departs. It ensures that no system access, accounts, or company data remain accessible to the former employee after their departure. This checklist is a critical component of organizational cybersecurity and data protection.

When should IT access be revoked for departing employees?

For voluntary departures, IT access should be revoked on the employee's last day of employment, typically at the end of business or a predetermined time. For involuntary terminations, access should be revoked simultaneously with the termination notification to prevent potential security risks during an emotionally charged period. Coordinate the exact timing with HR to align with the termination meeting or last-day timeline.

What systems should be included in IT offboarding?

Include all systems the employee had access to, including email, Active Directory or identity provider, VPN, cloud storage, CRM, HRIS, financial systems, project management tools, communication platforms like Slack or Teams, code repositories, SaaS applications, and any industry-specific software. Also include physical access systems such as badge readers, building security, and server room access. Maintain a comprehensive access inventory for each employee.

How do you handle an employee's email account after departure?

Deactivate the email account and set up an auto-reply directing senders to an alternative contact for a defined period, typically 30 to 90 days. Forward incoming emails to the employee's manager or successor, and archive the mailbox according to your data retention policy. Do not delete the account immediately, as emails may be needed for business continuity, legal holds, or regulatory compliance.

What happens to company data on personal devices?

If your organization has a BYOD (Bring Your Own Device) policy, use mobile device management (MDM) software to remotely wipe company data and applications from the employee's personal devices while leaving personal data intact. Ensure employees acknowledge data removal as part of the exit process. Without MDM capabilities, rely on the employee's signed agreement to delete company data and document the acknowledgment.

How do you handle shared accounts and passwords?

Change passwords on all shared accounts that the departing employee had access to, including team email accounts, social media profiles, shared service accounts, and vendor portals. Update authentication credentials for any system where the employee knew or could have known the login information. This is one of the most commonly overlooked steps in IT offboarding and represents a significant security vulnerability.

What hardware should be collected during IT offboarding?

Collect all company-issued devices including laptops, desktop computers, monitors, keyboards, mice, mobile phones, tablets, USB drives, external hard drives, headsets, webcams, chargers, docking stations, and any other peripherals. Verify the returned equipment against the asset inventory assigned to the employee. All devices should be wiped, inspected, and either redeployed or decommissioned according to your asset management procedures.

How do you verify IT offboarding was completed successfully?

Run an access audit across all systems to confirm the departing employee's accounts have been deactivated, verify that all hardware has been returned and checked against the asset inventory, and confirm that shared passwords have been changed. Generate a completion report documenting all actions taken, and have it signed off by the IT offboarding lead. Conduct periodic audits to ensure former employees do not regain access through account reactivation or missed systems.
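
The access audit described above can be run as a reconciliation over account exports from each system. The sketch below is an added example, not part of the original checklist; the export schema, system names, field names and sample records are all constructed assumptions. It flags accounts that are still enabled, leftover group memberships or MFA enrollments, and shared credentials that were not rotated after the last access date.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Finding:
    system: str
    account: str
    reason: str

def normalize(identifier):
    # Case-fold and drop the domain so "J.Doe@corp.example" matches "j.doe".
    # This over-matches on purpose; every finding gets a human review.
    return identifier.strip().lower().split("@")[0]

def audit(identifiers, last_access, exports):
    """Return residual access left for a departed employee.
    identifiers: every known login, alias or e-mail address of the employee
    last_access: ISO date taken from the offboarding ticket
    exports:     {system name: [account records]} (hypothetical export schema)
    """
    ids = {normalize(i) for i in identifiers}
    cutoff = date.fromisoformat(last_access)
    findings = []
    for system, records in exports.items():
        for rec in records:
            name = rec["account"]
            if normalize(name) in ids:
                if rec.get("enabled"):
                    findings.append(Finding(system, name, "account still enabled"))
                if rec.get("groups"):
                    findings.append(Finding(system, name, "group memberships remain"))
                if rec.get("mfa_devices"):
                    findings.append(Finding(system, name, "MFA devices still enrolled"))
            elif ids & {normalize(u) for u in rec.get("shared_with", [])}:
                # Shared credential the employee knew: must be rotated after they left.
                if date.fromisoformat(rec["password_changed"]) <= cutoff:
                    findings.append(Finding(system, name, "shared password not rotated"))
    return findings

# Constructed sample exports; system and field names are illustrative.
SAMPLE_EXPORTS = {
    "active_directory": [
        {"account": "JDoe", "enabled": False, "groups": ["VPN-Users"]},
        {"account": "asmith", "enabled": True, "groups": ["Staff"]},
    ],
    "saas_crm": [{"account": "J.Doe@corp.example", "enabled": True, "groups": []}],
    "vendor_portal": [{"account": "team-orders", "enabled": True,
                       "shared_with": ["jdoe", "asmith"], "password_changed": "2026-01-10"}],
}
```

Calling `audit(["jdoe", "j.doe@corp.example"], "2026-02-27", SAMPLE_EXPORTS)` returns one finding per gap; an empty list is the result to attach to the offboarding ticket as evidence of complete deprovisioning.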

Written by Adithyan RK
Fact Checked by Surya N
Published on: 3 Mar 2026