Kindura
Resources
People, Devices & Access6 min read

Employee Offboarding Checklist

Offboarding is one of the easiest places for small businesses to leave hidden access behind. A repeatable checklist keeps the work calm and complete.

Quick answer

Employee offboarding should block or disable access at the agreed time, revoke sessions where available, remove groups and admin roles, recover or wipe devices according to policy, transfer ownership of files and mailboxes, and record completion.

Key takeaways

  • Do not rely on changing one password or asking a manager to remember every system.
  • Treat account access, data ownership, and device recovery as one process.
  • Keep a completion record so offboarding is auditable and repeatable.

Before the leaving date

  • Confirm leaving date, access removal time, manager, and HR or operations owner.
  • Identify company devices, accessories, security keys, and any personal devices with work data.
  • List Microsoft 365, Google Workspace, finance, CRM, HR, password manager, code, and supplier systems.
  • Confirm whether files, shared drives, mailbox access, calendar ownership, and phone numbers need handover.
  • Agree whether the account is disabled immediately or at a scheduled time.
  • Identify any admin roles or privileged access that must be removed first.

Access removal checklist

  • Block sign-in, suspend, or disable the account at the agreed time.
  • Revoke active sessions where the platform supports it.
  • Remove group memberships, shared mailbox access, delegate access, and privileged roles.
  • Transfer file, mailbox, calendar, or shared drive ownership where needed.
  • Remove third-party application access and connected OAuth apps where applicable.
  • Remove password manager access and rotate shared credentials if the leaver had access.
  • Document completed steps and any exceptions.

Device and data handling

Device recovery should be part of offboarding, not a separate afterthought. If a device cannot be returned quickly, decide whether remote lock or wipe is appropriate for your policy, employment context, and tooling.

Data handling should be practical and deliberate. Preserve what the business needs, transfer ownership before deleting accounts, and avoid keeping old active accounts just because nobody is sure what they own.

After offboarding

Review exceptions

If access remains open for a business reason, name the owner and review date.

Update records

Mark devices as returned, wiped, reissued, missing, or retired.

Improve the template

Add any missed systems or handover steps to the next leaver checklist.

Sources and further reading

Related resources

Checklist

New Starter IT Setup Checklist

A practical checklist for setting up devices, accounts, MFA, software access, and first-week support for new starters.

Explainer

What Is Device Management And Why Does It Matter?

A plain-English explainer for SMEs on device inventories, ownership, updates, access, protection status, lifecycle planning, and leaver recovery.

Checklist

The SME IT Operations Checklist

A practical monthly checklist for keeping devices, access, updates, support, reporting, and supplier ownership visible in a growing SME.