UnixTime

Research Note

Leaver and Role Change Security Checklist

Use this checklist for employee leavers, contractor offboarding, third-party user removal, and internal role changes.

On this page

When to use this

Use this checklist for employee leavers, contractor offboarding, third-party user removal, and internal role changes.

Checklist

  • Confirm termination, contract end, or role-change date.
  • Identify urgency level: normal / urgent / high-risk.
  • Notify HR, line manager, IT, security, facilities, and other relevant parties.
  • Remove old logical access rights.
  • Remove privileged access and shared-group memberships.
  • Remove physical access cards, keys, badges, and facility permissions.
  • Remove customer, supplier, SaaS, cloud, and third-party portal access.
  • Return organization and customer equipment.
  • Return or securely remove organization information from devices and repositories.
  • Update asset and access inventories.
  • Communicate continuing confidentiality, privacy, IP, and legal duties.
  • Confirm old-role access is removed before new-role access is added where applicable.
  • Record evidence location and closure.

Record

Field Value
Person or ID TBD
Event type Leaver / role change / contractor end
Effective date TBD
Urgency Normal / urgent / high-risk
Access removed date TBD
Assets returned date TBD
Continuing duties communicated Yes / No
Evidence location TBD
Owner TBD