A practical checklist to reduce “lingering access” risk when staff leave.
Many “small business breaches” are caused by old accounts, shared passwords, and unrevoked access after staff or contractors leave.

| Item | Status | Owner | Notes |
|---|---|---|---|
| Disable user account (M365 / Google / AD) | ☐ | | |
| Revoke sessions / sign-out everywhere | ☐ | | |
| Reset shared passwords (Wi‑Fi, vault, shared accounts) | ☐ | | |
| Remove MFA methods / recovery email / phone | ☐ | | |
| Disable remote access (VPN / RDP / remote tools) | ☐ | | |
| Collect company devices (laptop/phone) or lock/remote wipe | ☐ | | |

| Item | Status | Notes |
|---|---|---|
| Transfer mailbox/OneDrive ownership (manager or shared mailbox) | ☐ | |
| Review shared folders/SharePoint permissions | ☐ | |
| Remove from distribution lists, Teams, groups, shared calendars | ☐ | |
| Remove access to line-of-business apps (accounting, payroll, POS, CRM) | ☐ | |
| Check vendor portals / banks / payment systems access | ☐ | |

| Item | Status | Notes |
|---|---|---|
| Audit logs: confirm no suspicious forwarding rules or recent sign-ins | ☐ | |
| Confirm licence reclaim / remove paid app seats | ☐ | |
| Update documentation: “who owns what” and key contacts | ☐ | |

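
One way to run the audit-log check from the table above once inbox rules and sign-in logs have been exported. This is an added example, not part of the original checklist; the field names, domain, addresses and dates are constructed and must be mapped to whatever your platform's export actually contains.

```python
from datetime import datetime, timezone

COMPANY_DOMAINS = {"example.com"}   # assumption: the domains your business owns
LEAVER = "sam@example.com"          # constructed account name
LAST_DAY = datetime(2024, 5, 31, 17, 0, tzinfo=timezone.utc)  # "Last day/time"

# Constructed sample exports (hypothetical field names).
INBOX_RULES = [
    {"mailbox": LEAVER, "name": "Invoices", "enabled": True,
     "forward_to": ["sam.private@mail.example.net"]},
    {"mailbox": LEAVER, "name": "To manager", "enabled": True,
     "forward_to": ["lee@example.com"]},
    {"mailbox": LEAVER, "name": "Old", "enabled": False,
     "forward_to": ["x@other.example.org"]},
]
SIGN_INS = [
    {"user": LEAVER, "time": "2024-05-31T16:45:00+00:00", "app": "Outlook", "success": True},
    {"user": LEAVER, "time": "2024-06-02T22:10:00+00:00", "app": "OneDrive", "success": True},
    {"user": LEAVER, "time": "2024-06-03T08:00:00+00:00", "app": "VPN", "success": False},
    {"user": "lee@example.com", "time": "2024-06-03T09:00:00+00:00", "app": "Outlook", "success": True},
]

def external_forwarding(rules, mailbox, own_domains=COMPANY_DOMAINS):
    """Rules on the leaver's mailbox that send mail outside the company.
    Disabled rules are reported too, since they can be switched back on."""
    hits = []
    for rule in rules:
        if rule["mailbox"].lower() != mailbox.lower():
            continue
        for addr in rule["forward_to"]:
            if addr.rsplit("@", 1)[-1].lower() not in own_domains:
                hits.append((rule["name"], addr, rule["enabled"]))
    return hits

def sign_ins_after(events, user, last_day):
    """Sign-ins by the leaver after their last day/time, successes first.
    A success means the account or a session is still live; a failure
    means someone is still trying the credentials."""
    late = []
    for e in events:
        when = datetime.fromisoformat(e["time"])
        if e["user"].lower() == user.lower() and when > last_day:
            late.append((when, e["app"], e["success"]))
    return sorted(late, key=lambda x: (not x[2], x[0]))

if __name__ == "__main__":
    for name, addr, enabled in external_forwarding(INBOX_RULES, LEAVER):
        print(f"forwarding rule {name!r} -> {addr} (enabled={enabled})")
    for when, app, ok in sign_ins_after(SIGN_INS, LEAVER, LAST_DAY):
        print(f"sign-in after last day: {when.isoformat()} {app} success={ok}")
```

Any hit belongs in the Notes column of the audit row; a successful sign-in after the last day means the disable and session-revoke rows need re-checking.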
Copy/paste to HR / manager / IT contact:
Staff member leaving: __________
Last day/time: __________
Systems used (if known): __________
Device(s) to collect: __________
Mailbox/OneDrive to transfer to: __________
Any shared accounts they knew: __________