Skip to content

Employee Leaving? IT Offboarding Checklist to Protect Your Business

Updated

Why IT Offboarding Matters

When an employee leaves your business, there is a critical window where your data and systems are at risk. If accounts are not disabled promptly, shared passwords are not changed, and devices are not recovered, a departing employee — or anyone who gains access to their credentials — could access sensitive business information.

A structured IT offboarding process protects your business, ensures compliance with GDPR, and gives you a clean break. Yet many UK businesses have no formal offboarding checklist at all, relying on memory and ad-hoc processes that inevitably miss something.

Immediate Actions: Day of Departure

These steps should be completed on the employee's last working day, ideally at the time they leave the building:

Disable Accounts

  • Disable their user account in your identity provider (Microsoft Entra ID, Google Workspace, Okta) — do not delete it immediately, as you may need access to their data
  • Revoke email access and set up a mailbox redirect or auto-reply if needed
  • Disable VPN and remote access credentials
  • Remove from SSO-connected applications — CRM, accounting, project management, etc.

Recover Hardware

  • Collect their laptop, monitors, and peripherals
  • Recover any company mobile phones and SIM cards
  • Collect access cards, security fobs, and keys
  • Retrieve any USB drives or external storage devices

Secure Shared Credentials

  • Change passwords on any shared accounts the employee had access to
  • Rotate API keys or service account credentials they may have used
  • Update credentials in your password manager and notify relevant team members

Within 24 Hours

Complete these steps within a day of the employee's departure:

  • Review their access logs for any unusual activity in the days leading up to departure
  • Transfer ownership of shared files, folders, and documents to their manager or replacement
  • Redirect their email to an appropriate colleague or a shared mailbox
  • Remove them from Teams channels, Slack workspaces, distribution lists, and shared calendars
  • Revoke any third-party app authorisations connected to their work account (check OAuth consents in your identity provider)

Within One Week

Tie up loose ends in the week following departure:

  • Wipe the returned device and reset it for the next user or return to inventory
  • Back up their data — emails, files, and documents — in case it is needed for business continuity or legal purposes
  • Deactivate software licences to avoid unnecessary costs
  • Remove their mobile device from your MDM (mobile device management) platform
  • Update your asset register to reflect returned hardware and reassigned licences

GDPR Considerations

Under GDPR, you have obligations around the data a departing employee handled:

  • Do not retain personal data longer than necessary — set a data retention period for former employee mailboxes and files
  • If the employee requests their personal data (Subject Access Request), you must comply within one month
  • Ensure any client data they had access to is properly secured and access is transferred
  • Document the offboarding actions taken as part of your GDPR accountability records

For more on data protection compliance, see our guide to cyber security services for UK businesses.

Offboarding Checklist Summary

TaskWhenDone
Disable user account and emailDay of departure
Revoke VPN and remote accessDay of departure
Collect hardware and access cardsDay of departure
Change shared passwordsDay of departure
Transfer file and email ownershipWithin 24 hours
Remove from Teams/Slack/groupsWithin 24 hours
Wipe and reset deviceWithin 1 week
Deactivate software licencesWithin 1 week
Back up data for retentionWithin 1 week
Update asset registerWithin 1 week

Automating Offboarding

Manual offboarding is error-prone. The more you can automate, the less likely something will be missed. Modern identity platforms like Microsoft Entra ID and Okta allow you to create automated workflows that disable accounts, revoke access, and trigger notifications to IT and HR when an employee's status changes.

For a complete guide covering both sides of the process, see our blog on IT onboarding and offboarding.

If your IT offboarding process is currently informal or inconsistent, a managed IT provider can help you build and automate a robust offboarding workflow that runs like clockwork every time.

Need IT Support?

Protect your business when staff leave — get a secure offboarding process in place.

Get a Free IT Quote

Other articles in IT Onboarding & Offboarding

How to Set Up a New Laptop for a Business UserNew Employee IT Setup Checklist: Everything You Need to Prepare

©Connection Technologies 2026. All Rights Reserved.

Connection Technologies Limited is authorised and regulated by the Financial Conduct Authority, reference FRN 958225

Registered office: Fareham Innovation Centre, Merlin House, 4 Meteor Way, Fareham, Lee-on-the-Solent, PO13 9FU.

Registered in England and Wales, Company No. 11630924

Connect with Us

Linkedin
Sitemap