IllumiDesk Security Docs
  • IllumiDesk Team Handbook
  • People Group
    • Introduction
    • General Employment
    • Employment Status & Recordkeeping
    • Working Conditions & Hours
    • Employee Benefits
    • Employee Conduct
    • Timekeeping & Payroll
  • Security and Compliance
    • Security Controls
      • BC.1.01 - Business Continuity Plan
        • IllumiDesk Business Continuity Plan
        • IllumiDesk Disaster Recovery
        • IllumiDesk Reference Architectures
        • IllumiDesk Handbook listing of DR for Databases
      • BC.1.0.2 - Business Continuity Plan: Roles and Responsibilities
      • BC.1.03 - Continuity Testing
      • BC.1.04 - Business Impact Analysis
        • Business Impact Analysis in the handbook
        • Data Protection Impact Assessment (DPIA) Policy
        • Data Protection Impact Assessments or DPIAs
        • UX Department
        • Triage Operations - Communication about expected automation impact
        • NIST BCP with reference to BIA
      • CFG.1.01 - Baseline Configuration Standard
        • Laptop or Desktop System configuration
        • Configuring New Laptops
        • Security Best Practices
      • CFG.1.03 - Configuration Checks
        • Production Change Requests Policy
      • CM.1.01 - Change Management Workflow
      • CM.1.02 - Change Approval
      • CM.1.03 - Change Management Issue Tracker
      • CM.1.04 - Emergency Changes
      • DM.1.01 - Data Classification Criteria
        • Data Classification Policy
      • DM.2.01 - Terms of Service
        • Application Terms of Use
      • DM.4.01 - Encryption of Data in Transit
        • Deprecate support for TLS 1.0 and TLS 1.1
      • DM.7.03 - Data Retention and Disposal Policy
      • IAM.1.01 - Logical Access Provisioning
        • Access Requests
        • Access Management Process
      • IAM.1.02 - Logical Access De-Provisioning
        • Access Management Process
        • Logical Access Deprovisioning
        • Access Reviews
        • IllumiDesk Offboarding Guidelines
      • IAM.1.04 - Logical Access Review
        • Access Reviews
      • IAM.1.05 - Transfers: Access De-Provisioning
        • Access Control Policy and Procedures
        • Job Transfers
        • Access Change Request
      • IAM.1.06 - Shared Logical Accounts
        • Security Process and Procedures for Team Members
        • Access Management Process
      • IAM.1.08 - New Access Provisioning
        • Access Requests
        • Access Management Process
      • IAM.2.01 - Unique Identifiers
        • Unique Account Identifiers
        • Access Control Policy and Procedures
        • Section on shared accounts in Okta handbook page
        • Access Management Process
      • IAM.2.02 - Password Authentication
      • IAM.2.03 - Multi-factor Authentication
      • IAM.3.02 - Source Code Security
      • IAM.4.01 - Remote Connections
      • IAM.6.01 - Key Repository Access
      • IR.1.01 - Incident Response Plan
      • IR.1.03 - Incident response
      • IR.1.04 - Insurance Policy
      • IR.2.02 - Incident Reporting
      • NO.1.01 - Network Policy Enforcement Points
      • PR.1.01 - Background Checks
      • RM.1.01 - Risk Assessment
      • RM.1.02 - Continuous Monitoring
        • Security Compliance
      • RM.1.04 - Service Risk Rating Assignment
      • RM.1.05 - Risk Management Policy
      • RM.3.01 - Remediation Tracking
      • SDM.1.01 - System Documentation
      • SG.1.01 - Policy and Standard Review
      • SG.2.01 - Information Security Program Content
      • SG.5.03 - Security Roles and Responsibilities
        • Incident Management Roles and Responsibilities
      • SG.5.06 - Board of Director Bylaws
        • Governance Documents
      • SG.5.07 - Board of Directors Security Program Content
        • Audit Committee Agenda Planner
      • SLC.1.01 - Service Lifecycle Workflow
      • SLC.2.01 - Source Code Management
      • SYS.1.01 - Audit Logging
      • SYS.2.01 - Security Monitoring Alert Criteria
      • SYS.2.07 - System Security Monitoring
      • TPM.1.01 - Third Party Assurance Review
      • TPM.1.02 - Vendor Risk Management
      • TRN.1.01 - General Security Awareness Training
        • Security Awareness Training
      • TRN.1.02 - Code of Conduct Training
      • VUL.1.01 - Vulnerability Scans
      • VUL.1.03 - Approved Scanning Vendor
      • VUL.2.01 - Application & Infrastructure Penetration Testing
      • VUL.3.01 - Infrastructure Patch Management
      • VUL.3.02 - End of Life Software
      • VUL.4.01 - Enterprise Protection
      • VUL.5.01 - Code Security Check
      • VUL.6.01 - External Information Security Inquiries
  • VPAT Version 2.3
Powered by GitBook
On this page
  • Offboarding Issues
  • BambooHR
  • Tools Offboarding
  • G Suite
  • Slack
  • Team Page
  • Compliance
  1. Security and Compliance
  2. Security Controls
  3. IAM.1.02 - Logical Access De-Provisioning

IllumiDesk Offboarding Guidelines

The People Experience Coordinator will assign the relevant offboarding to the People Experience Associate from within the offboarding tracker. Once assigned, the People Experience Associate creates the offboarding issue, immediately upon request by the People Business Partner team in the #offboarding Slack channel and completes all People Experience tasks within 24 hours. Many other teams work to deprovision access, this should be regarded as urgent and expected to be completed in 5 working days with the exception of Laptop returns, which can take 2 - 4 weeks.

Offboarding Issues

  1. In Slack, go to your profile as if you were going to send a Slack message to yourself. Type the command /pops run offboarding BambooHR_ID_number (not Employee ID #). This number is found in the team member's BambooHR profile URL, after id=. It is a 5-digit number. An example of the command would be /pops run offboarding 00000. If BambooHR's API is down, this ChatOps command will fail and will need to be created manually.

  2. You will be pinged in Slack once the offboarding issue is created, which usually takes 30 seconds or so. The ping will include a link to the new offboarding issue.

  3. You will need to update the Department, IllumiDesk Email Address and IllumiDesk Handle within the issue.

Note: If the team member is transitioning to a temporarily positioned contractor, please proceed with the full offboarding and create a separate onboarding issue to grant only specific temporary access for what they would need to fulfill their contractual obligations.

BambooHR

  1. Update Employment Status -

    1. Effective Date

    2. Employment Status

    3. Termination Type

    4. Termination Reason - Ensure the PBP gives you a reason listed within BambooHR.

    5. Eligible for Rehire

  2. Then click on the setting gear symbol in the right hand corner and set employee to terminated

If the team member is on the People Team, the People Experience Associate will need to notify the Total Rewards team in order to have them update the employment status.

Tools Offboarding

G Suite

IT Ops will follow the below steps to set up an auto-response that notifies the sender that the team member they are trying to reach is no longer with IllumiDesk and who to contact.

  1. Add the team member to the former_employees@IllumiDesk.com's email account by selecting the dropdown icon ˇ in the User information section and adding the team member's IllumiDesk email address.

Note: Be sure to scroll down and Save this change or it will not be reflected.

  1. Set up a routing rejection rule for the team member by;

    1. Navigate to Google admin portal then Apps > G Suite > Gmail > Advanced settings > Routing > Routing.

    2. Hover over the routing option and click on Add another. Please enter a name below the title "Routing" with lastname firstname rejection rule

    3. Check the option Inbound and Internal-receiving under Messages to affect.

    4. Check Only affect specific envelope recipients under the Envelope filter title.

    5. Enter the team members's email address right below the title Email address.

    6. Under the title For the above types of messages, do the following, please change from Modify message to Reject message.

    7. Add the appropriate template per team member's department under the Customize rejection notice

    8. Scroll down and click on Add setting and then on Save at the bottom (once the window closes).

Slack

Team Page

The People Experience Associate will navigate to the team.yml file. Using Web IDE or your editor of choice, search the team member name and delete their team page image and replace with ../IllumiDesk-logo-extra-whitespace.png. Don't forget to delete the image by navigating to Source/images/team while still here and search for their image. Ideally saved as firstnamelastname.png. The images are in alphabetical order.

To remove pet entry and any mentions from the handbook and documention, you will need to download the www-IllumiDesk-com project to your computer and use a prefered text editor.

To download;

  1. Navigate to the IllumiDesk.com project

  2. On the far right corner, click Clone and copy the clone with SSH URL, git@IllumiDesk.com:IllumiDesk-com/www-IllumiDesk-com.git

  3. On your command line, run git clone git@IllumiDesk.com:IllumiDesk-com/www-IllumiDesk-com.git This downloads the project to your computer mostly on the document folder. Consider going through the Clone a repository and the Command Line documents to understand further.

To Find All using Atom;

  1. Download Atom at atom.io

  2. After installing, click Open Project on the Welcome Guide Page.

  3. Choose www-IllumiDesk-com project from your Documents folder

  4. On the Find tab drop down menu, click Find in Project

  5. Search all variations of the departing team members name; firstname, lastname and IllumiDesk username.

  6. Follow the File path given in the results on the Web IDE and delete all the mentions, make sure to replace any mentions you deem appropriate with who is standing in for the position. DO NOT delete any blog mentions.

Compliance

The People Experience Coordinator completes a weekly audit of all offboarding issues opened within that specific week and checks that all tasks have been completed by all Departments. In the event that tasks are still outstanding, the People Experience Coordinator will ping the relevant Departments within the offboarding issue to call for tasks to be completed.

Once all tasks have been completed, the People Experience Coordinator or Associate will close the offboarding issue and mark as completed in the offboarding tracker.

All offboarding tasks by all Departments need to be completed within 5 days of the offboarding date.

PreviousAccess ReviewsNextIAM.1.04 - Logical Access Review

Last updated 1 year ago

IT Ops check if the team member has created any bots before disabling the account. Go to or on your admin Slack profile click Menu » Configure Apps » Custom Integrations » Bots and search through the bots' list for the team member. If a bot exists, please DM the manager to confirm if the bot should be removed.

Slack