IT offboarding is the process of systematically revoking an employee's access to systems, recovering company-owned devices and hardware, and securing organizational data when someone leaves the company, whether through resignation, termination, or role transition. Done correctly, it is a defined workflow that completes within hours of a departure. Done poorly, it is a security exposure that can last for months.
Why It Matters More Than Most Organizations Realize
The average organization takes longer than it should to fully revoke access after an employee departs. In some cases, former employees retain access to systems for weeks. In others, accounts are deactivated in the primary identity provider but remain active in SaaS tools that were provisioned separately. This is not purely theoretical risk. Data exfiltration by departing employees, especially those leaving under difficult circumstances, is a real and documented threat. So is the simpler problem of paying for licenses that no one is using because the account was never deprovisioned.
What a Complete IT Offboarding Covers
Access Revocation
The first and most time-sensitive step. The employee's account in the central identity provider should be suspended or deactivated, which (if SSO is properly configured) cuts access to all connected applications simultaneously. SaaS tools that are not connected through SSO need to be handled separately, which is why maintaining a complete inventory of which applications an employee uses is part of offboarding preparation, not something to figure out after they have left.
Device Retrieval
Company-owned hardware including laptops, phones, and accessories should be returned and logged. If the employee is remote, a shipping process should be initiated immediately. Devices should be wiped and either redeployed or retired through the appropriate process.
Data Preservation
Before wiping devices or suspending accounts, relevant data should be preserved: email and calendar archives, files in shared drives, any documents that belong to the organization. Who owns what should be clear before the process starts, not during.
License Reclamation
Once accounts are deprovisioned, those licenses should be returned to the available pool, especially for per-seat software. This is often overlooked, and it is frequently where license audits turn up the most waste.
Knowledge Transfer
IT offboarding intersects with HR and management processes here. Passwords to shared accounts, documentation of systems only the departing employee managed, and any ongoing IT responsibilities should be formally handed off before the last day.
The Involuntary Departure Scenario
When someone is let go unexpectedly, the timeline is compressed. Access needs to be revoked at the same time or before the employee is notified. This requires coordination between HR and IT that should be defined in advance, not improvised. Having a checklist that can be executed in under an hour is the standard to aim for.