Beams IconCalendar Health Check - Fitbit for your calendar | Product Hunt

Software Offboarding Guide - How To Safely Offboard Departing Employees

When an employee leaves your company, properly managing their offboarding is crucial for maintaining security, data integrity, and business continuity. One of the most critical parts of this process is removing their access from the company’s tool stack, including Google Workspace and any other software your business relies on.
This article provides a step-by-step guide to offboarding an employee both from Google Workspace and other third-party tools to ensure that your business remains secure and operations continue seamlessly.
 

Step 1: Create an Offboarding Checklist for Google Workspace and Other Tools

Start by compiling a comprehensive offboarding checklist. This will ensure that you don’t miss any critical tools or access points while offboarding the employee.
  1. Inventory of Tools: Document every tool the employee uses, including Google Workspace (Gmail, Drive, Calendar, etc.), third-party SaaS tools (Slack, Asana, Salesforce, etc.), and any APIs or internal software.
  1. Assign Responsibilities: Allocate tasks to IT, HR, and managers. For instance, IT handles Google Workspace and network access, while HR may oversee payroll systems.
  1. Set Deadlines: Make sure all access is revoked, and ownership of data is transferred by the employee’s last day.
 

Step 2: Offboard from Third-Party Tools

Before addressing the Google Workspace account, you should revoke access and transfer responsibilities for any third-party tools the employee used.
  1. Third-Party SaaS Tools: Transfer ownership of any ongoing projects in tools like Asana, Trello, Jira, or Slack to another team member. Ensure the employee’s access to these tools is revoked.
  1. Password Managers: If the employee had access to password management tools (like LastPass or 1Password), revoke their access and update any shared credentials to maintain security.
Pay special attention if the employee is the only person with access to a certain tool. And if the employee had admin roles, always reassign those to another user.
 

Step 3: Reassign Data Ownership in Google Workspace

Before you suspend or delete the employee’s Google Workspace account, you need to reassign ownership of important files, emails, and calendar events to ensure continuity. When you try to delete an account, Google recommends to reassign ownership first.
  1. Transfer Google Drive Ownership: Use the Admin Console to transfer the employee’s Google Drive files to another team member. Ensure that all critical documents remain accessible and properly organized for ongoing work.
  1. Reassign Calendar Events: If the employee organized meetings or recurring events, transfer the ownership of these events to another team member to prevent any disruptions in scheduling. If they’re attending any regular meetings, you can remove them from there.
  1. Set Up Email Forwarding and Auto-Responses: Set up an email forwarding rule so any incoming emails are sent to another employee. Additionally, you can set up an automatic reply to notify external contacts of the employee's departure and provide a new point of contact.
 

Step 4: Revoke Access to Google Workspace

Once data has been transferred and tasks reassigned, you can now proceed with revoking the employee’s access to Google Workspace.
  1. Revoke OAuth Tokens for Third-Party Apps: If the employee had any third-party apps integrated with their Google Workspace account (like Slack or Trello), revoke these tokens. This can be done in the Admin Console under Security > API Permissions. This ensures that the employee no longer has access to external apps that were integrated with their Google account.
page icon
For a more detailed description of how to remove access, read our Blog post ’How To Safely Remove an App as a Google Workspace Admin’
 
  1. Disable Mobile Device Access: If the employee used mobile devices to access Gmail, Drive, or other apps, go to Device Management in the Admin Console and wipe any company data from their devices.
  1. Suspend or Delete the Google Workspace Account: Finally, suspend or delete the employee’s Google Workspace account. Suspending retains data while cutting off access (user license fees still apply to the suspended users.), while deleting is irreversible.
 

Step 5: Audit and Secure Other Access Points (Primarily for Developers and IT Personnel)

Beyond Google Workspace and third-party tools, employees often have access to internal systems or APIs. Ensure that all access points are addressed.
  1. VPN and Network Access: Immediately revoke VPN access and any network credentials. Ensure that two-factor authentication tokens or devices linked to the employee are disabled.
  1. API and Developer Tools: If the employee used development tools or managed API keys, regenerate keys to prevent unauthorized access. Review their access to cloud infrastructure like AWS or Google Cloud and remove permissions.
 

Step 6: Conduct a Final Review and Compliance Check

Once access has been revoked from all critical systems, perform a final review to ensure no points of entry have been overlooked.
  1. Audit Log Review: Use Google Workspace’s audit logs to check for any unusual activity or lingering access. This can be found under the Admin Console > Reporting. Review logs from other tools like Slack or Trello as well.
  1. Compliance Review: Ensure that the offboarding process complies with industry regulations, such as GDPR or HIPAA, regarding the removal of data access. Google Workspace’s Vault can help with data retention and compliance needs.
  1. Device Collection and Data Wipe: Ensure that all company-owned devices (laptops, phones) are collected from the employee and wiped or re-assigned. For personal devices used for work, wipe company data remotely where applicable.
 

Step 7: Exit Interview and Feedback

Conducting an exit interview with the departing employee can provide useful insights for improving future offboarding processes.
  1. Ask About Tool Usage: During the exit interview, inquire if the employee had access to any tools not listed in your initial inventory. This helps ensure no overlooked accounts are left active.
  1. Gather Feedback on Tools: The employee may have useful feedback about the tools they used. Their insights could help improve the software stack for remaining and future employees.
 

Conclusion: Comprehensive Offboarding for Security and Continuity

Successfully offboarding an employee from Google Workspace and other software tools is vital for protecting company data and ensuring a smooth transition. By following these steps, you can efficiently manage access revocation, data transfer, and compliance, all while minimizing disruptions to your operations.
 
page icon
For a much more intuitive overview of all apps used per employee in your organization, check out the Tool Overview by beams. It shows who is accessing which apps and with what permissions for an easy identification of potential security risks.
If you are a Google Workspace Admin, you can sign in here: https://app.usebeams.com/company-login
 
Beams Icon

We believe technology can feel like magic and should enable us to work better, not more.

Copyright © 2024 Betaverse UG

team@usebeams.comFeature RequestsPrivacy PolicyTerms of UseImprint