Back to Offboarding
Offboarding
Manufacturing

IT Access Revocation Checklist for Manufacturing

A comprehensive checklist for revoking all IT system access, recovering digital assets, and securing company data when an operator or contractor departs.

Per event
30-60 minutes
15 items
Compliance Note

Designed to support ISO 9001 quality management, workplace health and safety regulations, and environmental compliance reporting under Australian standards.

Complete Checklist

  • 1
    Disable the operator's primary user account in the directory service
    Critical
  • 2
    Revoke email access and set up an auto-reply or forwarding rule
    Critical
  • 3
    Remove access to all business applications and cloud services
    Critical
  • 4
    Disable VPN and remote access credentials
    Critical
  • 5
    Remove the operator from all shared drives and collaboration platforms
  • 6
    Transfer ownership of shared documents and files to the appropriate person
  • 7
    Revoke access to financial systems and banking platforms
  • 8
    Remove the operator from all email distribution lists and group chats
  • 9
    Change any shared passwords or system credentials the operator had access to
    Critical
  • 10
    Recover the company laptop, phone, and any other IT equipment
  • 11
    Wipe company data from any personal devices used under a BYOD policy
  • 12
    Archive the operator's email mailbox and files for retention purposes
  • 13
    Deactivate the operator's phone extension and voicemail
  • 14
    Update the IT asset register to reflect returned or reassigned equipment
  • 15
    Confirm all access has been revoked and document the completion
    Critical

Frequently Asked Questions

What should we do about shared passwords and accounts the operator knew?

Change all shared passwords and credentials immediately upon departure. This includes social media accounts, shared admin credentials, Wi-Fi passwords, and any system accounts that use shared logins. Implement a password manager and individual account access wherever possible to reduce dependency on shared credentials in the future.

When should IT access be revoked during the offboarding process?

For voluntary resignations, access is typically revoked at the end of the operator's last working day. For terminations, especially those involving misconduct or sensitive data, access should be revoked simultaneously with or immediately after the termination meeting. Have IT prepared in advance so revocation can happen promptly when triggered.

How long should we retain a departed operator's email and files?

Best practice is to archive email and files for at least 12 months to handle any follow-up enquiries, legal matters, or business needs. Some industries have longer mandatory retention periods. Set up email forwarding to the departing operator's replacement during the transition period. Establish a clear data retention policy and follow it consistently.

Need help implementing these checks into your daily operations?

Our team can build custom checklists integrated into your daily operations workflow.

Get a Custom QuoteView Our Services