Back to IT & Systems
IT & Systems
Insurance
Updated March 2026

IT Offboarding — Insurance Edition

A procedure for securely removing IT access, recovering assets, and managing data for employees who are leaving the organisation.

Purpose

To protect organisational data and systems by promptly revoking all IT access for departing employees, recovering company assets, and preserving business data in accordance with retention policies.

Scope

Covers all IT-related activities required when an employee leaves the organisation, including access revocation, asset recovery, data preservation, and account decommissioning.

Prerequisites

  • Notification from HR of the employee departure date and last working day
  • Access to identity management and account administration systems
  • IT asset register showing assets assigned to the departing employee
Compliance Note

Aligns with ASIC regulatory requirements, General Insurance Code of Practice, and AFSL obligations. Includes audit trail provisions.

Step-by-Step Procedure

1

Receive Offboarding Notification

Receive formal notification from HR of the employee departure with the last working day and any special instructions.

  • 1.1Receive the offboarding notification through the HR system or email
  • 1.2Confirm the employee last working day and departure type
  • 1.3Create an offboarding checklist for the specific employee
IT Service Desk Analyst
10 minutes
HR System, IT Service Desk System, Offboarding Checklist
2

Plan Data Preservation

Coordinate with the employee manager to identify any data or files that need to be preserved or transferred before access is revoked.

  • 2.1Contact the departing employee manager to discuss data requirements
  • 2.2Identify files, emails, and data that need to be preserved or transferred
  • 2.3Arrange data transfer to the designated successor or manager
IT Service Desk Analyst
30 minutes
Email, File Management Tools
3

Revoke System Access

Disable or remove the employee accounts and access to all organisational systems on or before their last working day.

  • 3.1Disable the network account and email account
  • 3.2Revoke access to all business applications and cloud services
  • 3.3Disable VPN and remote access credentials
  • 3.4Remove the user from all security groups and distribution lists
IT Systems Administrator
30 minutes
Identity Management System, Application Admin Consoles
Tips
  • Time access revocation to occur at the end of the last working day unless immediate termination requires earlier action
4

Recover IT Assets

Collect all IT assets assigned to the departing employee, including devices, access cards, and peripherals.

  • 4.1Review the asset register for all items assigned to the employee
  • 4.2Collect the laptop, mobile phone, access card, and any other IT equipment
  • 4.3Check the condition of returned assets and note any damage
IT Support Technician
15 minutes
Asset Management System, Asset Return Form
5

Wipe and Redeploy Devices

Securely wipe returned devices and prepare them for redeployment or disposal.

  • 5.1Back up any required data from the device before wiping
  • 5.2Securely wipe the device using approved data destruction methods
  • 5.3Prepare the device for redeployment to another employee or disposal
IT Support Technician
1 hour
Data Wiping Tools, Asset Management System
6

Update Records and Close

Update all IT records to reflect the offboarding, including the access register, asset register, and licence assignments.

  • 6.1Update the access register to show all access has been revoked
  • 6.2Update the asset register to show all assets have been returned
  • 6.3Release any software licences assigned to the employee
  • 6.4Close the offboarding ticket and confirm completion to HR
IT Service Desk Analyst
15 minutes
IT Service Desk System, Asset Management System, Access Register

Quality Checkpoints

All system access is revoked on or before the employee last working day
All IT assets are accounted for and returned or reported as missing
Business data is preserved and transferred to the designated successor
Offboarding completion is confirmed to HR

Common Mistakes to Avoid

Delaying access revocation after the employee has departed, leaving accounts active
Forgetting to revoke access to cloud services or third-party applications
Not coordinating data preservation with the manager before revoking access
Failing to update the asset register when equipment is returned, causing discrepancies

Expected Outcomes

Access Revocation Timeliness

Percentage of offboardings where all access is revoked by the end of the employee last working day.

Asset Recovery Rate

Percentage of assigned IT assets successfully recovered during the offboarding process.

Frequently Asked Questions

What happens to the departing employee email?

The email account is disabled on the last working day. An auto-reply may be configured to direct contacts to an alternate person. Email data is preserved according to the retention policy.

What if the employee does not return their equipment?

Unreturned equipment is reported to HR and the employee manager. The employee may be invoiced for the replacement cost. The asset register is updated to reflect the status.

When should IT offboarding begin?

IT offboarding should begin as soon as the HR notification is received, which should be at least one week before the employee last day. Data preservation planning should start immediately.

Want this customised for YOUR business?

We'll tailor every step to your exact operations, tools, and team structure.

Get a Custom QuoteView Our Services