Solved

Best Practices: New Employees & Terminated Employees

Posted on 2014-07-24
6
68 Views
Last Modified: 2015-12-07
What is the best practice for items to include on either a new employee \ terminated employee I.T. checklist? (for example: AD, email account, passwords, permissions...)
0
Comment
Question by:bkorodi
6 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 167 total points
ID: 40217860
Think about what an employee might need at your organization.  My organization probably differs greatly from yours so there wouldn't necessarily be a good template for everything... but think about how you setup a new person, their requirements.  Further, depending on department, some employees might have different needs than others.  Payroll may require an account with a payroll service provider while Accounts Receivable might not.  Step through all the job titles your company has, think about what they need.  Consult with the managers in each section.

As for terminating, I strongly recommend NOT deleting accounts for a VERY long time - DISABLE them.  This allows their SIDs to continue to exist and identifies who they are even after they are gone.  Also, VERY MUCH avoid assigning permissions to users... assign permissions to groups and create a change log of when users are added and removed from the groups.
1
 
LVL 19

Assisted Solution

by:Montoya
Montoya earned 167 total points
ID: 40217934
There's a lot that can be done, based on where you work and how much access you have, or how rights are provisioned.  

As Lee said, groups are always better:
Here's a very quick list (for IT)

desk location
enable ports
enable phone (VOIP or w/e)
desktop or laptop?  
submit serial
Assign image (sometimes different groups get different images installed on laptop/desktop)
add AD account
add Exchange account
Admin of desktop or laptop?
Member of (Assign group memberships)
how many monitors?
ergonomics?
etc.. etc...

that's a simple top of my head list, while Im driving... Im sure others will add
0
 
LVL 24

Expert Comment

by:SunBow
ID: 40220412
ditto Lee W, MVP
review Iammontoya - add a touch or two regarding building security, parking, privacy policy, toleration - if you find something missing then there is a problem to redress.

Review termination, where turn in of keys is obvious, distinguish voluntary (ex:retirement) from involuntary (ex: fired for cause, not just let go). Person leaving should be monitored, have someone else pack bags for involuntary departees.

You (company) should always have backup plan, person who fills in for another and has same access. All data should be preserved, for years, already a process in place for that, so at termination remove all online data (ex: email) for employee 30 days after termination, Person's PCs/drives should be erased immediately.

LogonID should be disabled immediately. I worked at large company that deleted ID after 30 days. Remember it is possible a mistake was made, a persons can change mind about leaving, retiring etc., and there are legal issues for preservations for corporate information such as regarding procurements. eMail for account should be redirected to global administration only.

As said I agree with Lee, don't delete ID (e.g. disagreed with a company policy).

Try to ensure all employees are treated well, even as they leave. They may return. They may be a supplemental resource just a phone call away. Timely handling for their insurance, medical, severance, - some days off for adustment period both the arriving as well as the departing.

New person needs some training to adapt to company, may need relocation time, time to ramp up, get family settled in. If you can overlap first week of one with last of the other so much the better.
0
 
LVL 25

Assisted Solution

by:nickg5
nickg5 earned 166 total points
ID: 40237897
As Lee said this should be a high priority:

"As for terminating, I strongly recommend NOT deleting accounts for a VERY long time - DISABLE them.  This allows their SIDs to continue to exist and identifies who they are even after they are gone."
0
 
LVL 24

Expert Comment

by:SunBow
ID: 40238043
8<) TY
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
The Bounty Board allows you to request an article or video on any technical topic, or fulfill a bounty request to earn points. Watch this video to learn how to use the Bounty Board to get the content you want, earn points, and browse submitted bount…
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question