Barebones leaving process.

While most businesses have a collection of processes covering their IT infrastructure, one area that is often neglected is what happens when staff leave. It's highly likely that most companies will have user accounts still active for staff who left some time ago. This not only leads to administrative problems but can also be a security risk.

The most obvious course of action when a staff member leaves is to simply delete their account. While this is a quick process, and immediately gets around the security issues, it can often cause other problems. There are a number of things which should be considered when putting together a leaving process:

  • Is the user’s email data going to be needed going forward? Experience from our IT helpdesk tells us that you can guarantee that just after the account is deleted, a manager will ask you to check for something!
  • Does email still need to be received at the user’s address?
  • Is the user’s profile stored on a server and does it need to be kept?
  • Does the user’s profile or data need to be accessible on their old PC?

Bearing these points in mind, the following is a recommended process for when staff leave:

  1. Log in to their account and export their email to a PST file. Copy this PST to a leavers’ area on a data drive, along with any other PSTs they may have. If other staff need access to their email, they can be given a copy of this PST.
  2. If they have a server-based profile, move their profile to the leavers’ area and delete their local copy on their PC (this avoids whoever uses their PC afterwards potentially having access to data they shouldn’t).
  3. If they just have a local profile, copy this to the leavers’ area and then delete it from their PC.
  4. If they have a personal network drive, copy this to the leavers’ area and then delete the original.
  5. Amend their primary SMTP email address to be something generic (such as adding a zz at the start). Their previous address can then be assigned to another user if mail still needs to be received.
  6. Disable their Active Directory account, which also disables their mailbox and hides them from the GAL.
  7. After a period of time, such as 30 days, their account should be deleted (this covers them possibly changing their mind and coming back!).
  8. Periodically, the leavers’ area on the server can be archived to tape or DVD to recover disk space.

This process will ensure that leavers’ accounts are dealt with correctly but their user data is still available should it be required.
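
Steps 5 to 7 of the process above can be scripted. The following is an added example, not part of the original article; it assumes on-premises Active Directory with the ActiveDirectory module and an Exchange Management Shell session, and the function names, the `Leaver yyyy-MM-dd` Description stamp and the `jbloggs` account are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumes on-premises AD and an Exchange Management Shell session.
# The "Leaver yyyy-MM-dd" Description stamp is this example's own convention.

function Disable-Leaver {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$Prefix = 'zz'
    )
    $mbx = Get-Mailbox -Identity $SamAccountName -ErrorAction SilentlyContinue
    if ($mbx -and $PSCmdlet.ShouldProcess($SamAccountName, 'Rename primary SMTP address')) {
        $old = [string]$mbx.PrimarySmtpAddress
        # Step 5: stop the address policy re-applying the old address, then rename.
        Set-Mailbox -Identity $SamAccountName -EmailAddressPolicyEnabled $false `
            -PrimarySmtpAddress "$Prefix$old" -HiddenFromAddressListsEnabled $true
        # The old address stays on as a secondary proxy; remove it so it can be reassigned.
        Set-Mailbox -Identity $SamAccountName -EmailAddresses @{ Remove = $old }
    }
    if ($PSCmdlet.ShouldProcess($SamAccountName, 'Disable AD account')) {
        # Step 6: disable the account and record when, so step 7 can find it later.
        # Note: this overwrites any existing Description value.
        Disable-ADAccount -Identity $SamAccountName
        Set-ADUser -Identity $SamAccountName -Description ("Leaver {0:yyyy-MM-dd}" -f (Get-Date))
    }
}

function Remove-ExpiredLeaver {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$RetentionDays = 30)
    $cutoff = (Get-Date).Date.AddDays(-$RetentionDays)
    Get-ADUser -Filter 'Enabled -eq $false -and Description -like "Leaver *"' -Properties Description |
        ForEach-Object {
            # Only act on accounts carrying a well-formed stamp; skip anything else.
            if ($_.Description -notmatch '^Leaver (\d{4}-\d{2}-\d{2})$') { return }
            $left = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', [cultureinfo]::InvariantCulture)
            # Step 7: delete only once the retention period has fully elapsed.
            if ($left -le $cutoff -and $PSCmdlet.ShouldProcess($_.SamAccountName, 'Delete AD account')) {
                Remove-ADUser -Identity $_ -Confirm:$false
            }
        }
}

# Dry run first: -WhatIf prints the planned actions without changing anything.
Disable-Leaver -SamAccountName 'jbloggs' -WhatIf      # 'jbloggs' is a made-up account
Remove-ExpiredLeaver -WhatIf
```

Run `Remove-ExpiredLeaver` from a scheduled task only after the PST, profile and network drive copies in steps 1 to 4 have been confirmed in the leavers’ area.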
