When an employee leaves — voluntarily or involuntarily — their access must be revoked promptly. Incomplete offboarding is one of the most common security gaps in SMBs. Former employees with active credentials can access sensitive data, financials, and IP. Atlantic Computer Systems provides a structured offboarding process that protects your organization and ensures compliance with HIPAA, SOC 2, and PCI-DSS.
Immediate Actions (Day of Departure)
Disable Microsoft 365 account, reset password, revoke VPN access, disable/reassign CloudVoice phone extension, remove from security groups and Teams channels, disable line-of-business app access, and collect all company devices and badges. Our managed IT team can execute all of this within minutes of notification.
Data Preservation
Convert their mailbox to a shared mailbox for manager access. Transfer OneDrive/SharePoint ownership. Export project-specific data and compliance records. Check for unsynced local files. Our cybersecurity team can audit for any data exfiltration attempts.
Device Recovery & Sanitization
Backup local data, perform secure wipe via endpoint management, remove from Azure AD. For retired devices, ACS provides certified data destruction with compliance certificates. See our Hardware Guide for replacement recommendations.
Third-Party & SaaS Access
Revoke access to: project management tools, communication platforms, cloud storage, vendor portals, and any accounts with credentials. Change shared passwords the employee had access to. Industries like financial services and government have additional compliance requirements.
Post-Departure Monitoring & Request
Monitor sign-in logs for 30 days post-departure. Check for email forwarding rules set before departure. Verify no unauthorized devices remain enrolled. Submit offboarding requests via Client Portal or call 1-650-300-7557 for immediate terminations. For onboarding the replacement, see our New Employee IT Setup Guide. Visit our Client Support Hub, check pricing, or contact us.
