Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Best Practices: New Employees & Terminated Employees

Posted on 2014-07-24
6
Medium Priority
?
78 Views
Last Modified: 2015-12-07
What is the best practice for items to include on either a new employee \ terminated employee I.T. checklist? (for example: AD, email account, passwords, permissions...)
0
Comment
Question by:bkorodi
5 Comments
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 668 total points
ID: 40217860
Think about what an employee might need at your organization.  My organization probably differs greatly from yours so there wouldn't necessarily be a good template for everything... but think about how you setup a new person, their requirements.  Further, depending on department, some employees might have different needs than others.  Payroll may require an account with a payroll service provider while Accounts Receivable might not.  Step through all the job titles your company has, think about what they need.  Consult with the managers in each section.

As for terminating, I strongly recommend NOT deleting accounts for a VERY long time - DISABLE them.  This allows their SIDs to continue to exist and identifies who they are even after they are gone.  Also, VERY MUCH avoid assigning permissions to users... assign permissions to groups and create a change log of when users are added and removed from the groups.
1
 
LVL 19

Assisted Solution

by:Montoya
Montoya earned 668 total points
ID: 40217934
There's a lot that can be done, based on where you work and how much access you have, or how rights are provisioned.  

As Lee said, groups are always better:
Here's a very quick list (for IT)

desk location
enable ports
enable phone (VOIP or w/e)
desktop or laptop?  
submit serial
Assign image (sometimes different groups get different images installed on laptop/desktop)
add AD account
add Exchange account
Admin of desktop or laptop?
Member of (Assign group memberships)
how many monitors?
ergonomics?
etc.. etc...

that's a simple top of my head list, while Im driving... Im sure others will add
0
 
LVL 24

Expert Comment

by:SunBow
ID: 40220412
ditto Lee W, MVP
review Iammontoya - add a touch or two regarding building security, parking, privacy policy, toleration - if you find something missing then there is a problem to redress.

Review termination, where turn in of keys is obvious, distinguish voluntary (ex:retirement) from involuntary (ex: fired for cause, not just let go). Person leaving should be monitored, have someone else pack bags for involuntary departees.

You (company) should always have backup plan, person who fills in for another and has same access. All data should be preserved, for years, already a process in place for that, so at termination remove all online data (ex: email) for employee 30 days after termination, Person's PCs/drives should be erased immediately.

LogonID should be disabled immediately. I worked at large company that deleted ID after 30 days. Remember it is possible a mistake was made, a persons can change mind about leaving, retiring etc., and there are legal issues for preservations for corporate information such as regarding procurements. eMail for account should be redirected to global administration only.

As said I agree with Lee, don't delete ID (e.g. disagreed with a company policy).

Try to ensure all employees are treated well, even as they leave. They may return. They may be a supplemental resource just a phone call away. Timely handling for their insurance, medical, severance, - some days off for adustment period both the arriving as well as the departing.

New person needs some training to adapt to company, may need relocation time, time to ramp up, get family settled in. If you can overlap first week of one with last of the other so much the better.
0
 
LVL 25

Assisted Solution

by:nickg5
nickg5 earned 664 total points
ID: 40237897
As Lee said this should be a high priority:

"As for terminating, I strongly recommend NOT deleting accounts for a VERY long time - DISABLE them.  This allows their SIDs to continue to exist and identifies who they are even after they are gone."
0
 
LVL 24

Expert Comment

by:SunBow
ID: 40238043
8<) TY
0

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Machine Learning is one of the profound applications of AI and therefore, just like AI, it is surrounded by myths and fears. Check out these facts about ML that demystify the related myths.
The Bounty Board allows you to request an article or video on any technical topic, or fulfill a bounty request to earn points. Watch this video to learn how to use the Bounty Board to get the content you want, earn points, and browse submitted bount…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question