Onboarding and offboarding: The overlooked IT process costing you security and money
If you only fix one IT process this quarter, make it onboarding and offboarding.

People join; people leave - that's normal. What isn't normal is how often former staff retain access to systems, how long unneeded accounts stay active, and how much money gets wasted on licences that no one uses.
Inactive accounts behave like unlocked doors. They increase cyber risk and quietly burn budget every month.
The risk you can't see (until it bites).
When the IT onboarding or offboarding of staff isn't done well, you inherit a number of problems:
- Your systems (and business) are more exposed and vulnerable to cybersecurity breaches
- Unnecessary spend on tools and licences
- Poor employee experience at a time when you're trying to make new staff feel welcome
- Frustration and wasted time when access to a specific tool walks out the door with an unhappy former staff member.
Why sub-par IT onboarding and offboarding keeps happening.
In most organisations, onboarding and offboarding is treated as HR admin rather than a critical IT control. There's no single owner, no IT-specific checklist, and no "done/dusted" verification. Leaders often don't know what "good" looks like, so gaps remain invisible.
There's often no internal debriefing after onboarding or offboarding staff. Most businesses will have some regular check-ins with a new employee and some offer exit interviews to outgoing staff, but how many times have you reviewed whether the actual process of onboarding or offboarding that team member went smoothly, had gaps or was just plain messy?
Working with IT can make onboarding and offboarding so much simpler (and reduce your risk).
First off, we do truly mean working with IT - not placing an order with them, which is often what an onboarding process consists of.
Your IT provider or internal IT Manager should be a great source of knowledge and advice on how to smooth out the onboarding and offboarding bumps. They'll be able to pinpoint where inefficiencies might be leading to heightened risk and vulnerability or impacting your bottom line.
Behind the scenes, your IT provider or IT team can set up systems so that when a staff member joins or leaves, the process is smooth and efficient. Saving you time, money and endless frustration.
Some of the basics we recommend that make the onboarding and offboarding process simpler are:
ONE: Implement single-sign-on
Has your IT provider or IT Manager mentioned the terminology 'digital identities'? Hopefully they've discussed single-sign-on with you.
If you have single-sign-on in place for your employees, then you only have to create one 'digital identity' for that person. This single identity should encompass as many of their login and licence credentials as possible.
How does this make it easier for you? Say you have a team member who has:
- a Microsoft 365 licence
- an Adobe licence
- a Xero licence
all sitting under their single-sign-on identity.
When they exit the business, turning off their access (and your subscriptions) to all three platforms becomes far simpler. With single-sign-on, access can be managed through that one digital identity, rather than having to repeat the disabling and cancelling actions time and time again across each individual licence.
It also gives you far greater visibility of what tools, access permissions and subscriptions are associated with that employee as they all sit under that single umbrella.
TWO: Use role-based access controls.
Your IT provider or IT Manager should be working with all departments and your leadership team to ensure that role-based access controls are rolled out across your organisation.
What is role-based access control (RBAC)? It stems from the central idea that people should only have access to the information and tools they actually need to do their job. No more, no less.
Implementing role-based access helps with security (for example avoiding data leaks), privacy, compliance and - crucial for what we're talking about here - it makes management of access as people join, leave or change roles much simpler.
With role-based access control, you are predetermining the baseline access and tools that an employee in a certain role inherits.
For example, in your workplace you might look at the role of Finance Manager and ask, 'what does our Finance Manager need to access?' The answer might be something along the lines of:
- Leadership team documents
- All accounting software
- Finance SharePoint folders
- Payroll reports.
When a new Finance Manager starts, you can simply apply the predetermined role-based access to that new employee - no discussions with different staff about what level of access they need and what tools they should have. It's all been predetermined and can be rolled out quickly and consistently. From day one, your new Finance Manager has the right access to files and software they need to do their specific job. No individual configuration required.
The key point with role-based access controls is that these are predetermined, not designed on the fly. They set the baseline access for employees based on their role, not on a whim, and eliminate the need for individual configurations for every single employee. Phew.
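To make the "predetermined baseline" idea concrete, here is an added example (not from the original article or any particular product) that derives joiner, mover and leaver changes from role templates and flags access that has drifted from the baseline. Only the Finance Manager entries come from the article; the "Accounts Officer" role and all function names are hypothetical.

```python
# Added example. Role templates are constructed: only the Finance Manager
# entries come from the article; "Accounts Officer" is a hypothetical role.
ROLE_TEMPLATES = {
    "Finance Manager": {
        "Leadership team documents",
        "All accounting software",
        "Finance SharePoint folders",
        "Payroll reports",
    },
    "Accounts Officer": {  # hypothetical second role
        "All accounting software",
        "Finance SharePoint folders",
    },
}


def plan_change(old_role, new_role):
    """Return (grant, revoke) for a joiner (old_role=None), a mover,
    or a leaver (new_role=None), derived only from the templates.
    An unknown role raises KeyError rather than granting anything."""
    before = ROLE_TEMPLATES[old_role] if old_role else set()
    after = ROLE_TEMPLATES[new_role] if new_role else set()
    return sorted(after - before), sorted(before - after)


def find_drift(role, actual_access):
    """Compare what a person actually holds with their role baseline.
    'extra' is access granted on the fly; 'missing' is baseline never applied."""
    baseline = ROLE_TEMPLATES[role]
    actual = set(actual_access)
    return {"extra": sorted(actual - baseline),
            "missing": sorted(baseline - actual)}


if __name__ == "__main__":
    print("joiner:", plan_change(None, "Finance Manager"))
    # A mover must lose the old role's extras, not just gain the new role's.
    print("mover: ", plan_change("Finance Manager", "Accounts Officer"))
    print("leaver:", plan_change("Finance Manager", None))
    # Constructed export of what one Accounts Officer really holds.
    print("drift: ", find_drift("Accounts Officer",
                                ["All accounting software", "Payroll reports"]))
```

The mover case is the one most often missed in practice: without the revoke list, people who change roles keep accumulating access.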
THREE: Consider pre-configured devices.
Depending on how your organisation operates, a consideration that can support a truly efficient onboarding process is having a pool of spare, configured devices available.
If your organisation isn't onboarding new staff on a regular basis or you always have 4-6 weeks to manage device approvals, order them and then have IT configure them, then having pre-configured devices available isn't as crucial for you.
On the flipside, if your organisation regularly onboards new employees or contractors who are required to use devices you supply, or your approvals and procurement process runs slow - then having a pool of pre-configured spare devices (even just a couple) can really smooth the onboarding runway for everyone involved.
If having spare devices doesn't fit with how your business operates, then this is where having a streamlined device setup process really comes into its own. Single-sign-on and role-based access controls can make a real difference to the pace and consistency of how quickly IT can handle their tasks related to onboarding. And ultimately, get your new starter up and running as fast as possible.
Once your IT provider or IT Manager has your 'behind the scenes' systems humming, onboarding new employees and offboarding departing staff becomes a whole lot easier, more consistent and more efficient.
What "good" looks like on day one (onboarding).
- Least-privilege by default: Access is intentional and role-based - just enough to do the job, nothing more.
- Standard kit, standard set-up: Devices, MFA, mailboxes, groups, and apps provisioned from a clear template.
- Joiners run-sheet: HR, hiring manager and IT follow the same playbook every time.
- Welcome with guardrails: Induct new staff on acceptable use, data handling, and AI/tool guidelines from the start.
These steps reduce the instances of shadow IT, lift productivity, and set security expectations early.
What "good" looks like on the last day (offboarding).
- Same-day removal: Disable sign-in and revoke tokens immediately.
- Reclaim and archive: Transfer ownership of files, archive mailboxes, and wipe/collect devices.
- Licence hygiene: Cancel or reassign paid seats so spend matches headcount.
- Verification step: A second person confirms everything is complete (and recorded).
This is how you turn a risky moment into a controlled process.
The one-question test for your IT provider or IT Manager.
Ask: "What actually happens in our systems when someone joins or leaves?"
Your provider should be able to walk you through a clean, end-to-end process. If they can't, that's the first gap to fix.
Conduct a quick IT onboarding/offboarding self-audit.
Want to get an idea of how things are currently placed in your business? Run through these four checks to quickly understand if action needs to be taken - both to rectify potential vulnerabilities or budget waste, and to identify gaps in your process.
- How many active accounts belong to former staff?
- How long does it take - in hours, not days - to remove access?
- Do licences auto-cancel or auto-accumulate?
- Is there evidence of a second-person check on recent leavers?
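The four checks can be answered from exports most organisations already have. The following is an added example, not part of the original article: it cross-references an HR leaver list, an identity export, a licence export and offboarding tickets. All sample data is constructed and the column names are assumptions, not any vendor's format.

```python
import csv
import io
from datetime import datetime

# Constructed sample exports; the column names are assumptions, not a vendor format.
HR_LEAVERS = """user,left_at
alice,2024-05-03T17:00
bob,2024-05-10T17:00
carol,2024-05-17T17:00
"""
ACCOUNTS = """user,enabled,disabled_at
alice,false,2024-05-03T18:30
bob,false,2024-05-13T09:00
carol,true,
dave,true,
"""
LICENCES = """user,product
bob,Adobe
carol,Microsoft 365
carol,Xero
dave,Microsoft 365
"""
TICKETS = """user,done_by,verified_by
alice,it.sam,it.kim
bob,it.sam,it.sam
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def self_audit():
    left = {r["user"]: datetime.fromisoformat(r["left_at"]) for r in rows(HR_LEAVERS)}
    acct = {r["user"]: r for r in rows(ACCOUNTS)}
    # Check 1: leavers whose account is still enabled.
    active = sorted(u for u in left if acct.get(u, {}).get("enabled") == "true")
    # Check 2: hours from departure to disablement, where the account was disabled.
    hours = {u: (datetime.fromisoformat(acct[u]["disabled_at"]) - t).total_seconds() / 3600
             for u, t in left.items() if u in acct and acct[u]["disabled_at"]}
    # Check 3: paid seats still assigned to leavers (accumulating, not cancelling).
    seats = sorted((r["user"], r["product"]) for r in rows(LICENCES) if r["user"] in left)
    # Check 4: a ticket only counts if a different person verified it.
    ok = {r["user"] for r in rows(TICKETS)
          if r["verified_by"] and r["verified_by"] != r["done_by"]}
    unverified = sorted(u for u in left if u not in ok)
    return {"active_leaver_accounts": active, "hours_to_disable": hours,
            "leaver_licences": seats, "no_second_person_check": unverified}

if __name__ == "__main__":
    print(self_audit())
```

Note that a disabled account can still hold a paid seat (bob in the sample), so checks 1 and 3 need to be run separately.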
What seems minor can have a major impact.
Onboarding and offboarding is the front door to your security framework and the first lever in your IT cost model. Embed it in policy, plug it into HR workflows, and make monthly reporting surface potential issues.
Having tight joiner/mover/leaver controls will:
- keep your business safer by lowering your cybersecurity vulnerability
- improve employee satisfaction scores by reducing frustration and inefficiencies
- make a better first-day impression with new starters
- save costs with better budget accuracy by preventing licence sprawl.
Done well, the process becomes boringly consistent - and that's exactly what you want.

