In today's dynamic business environments, an organization develops relationships with its customers, contractors, and business partners at a faster pace than ever before. One of the major concerns across all types of organizations is the need to remove access to IT assets as quickly as possible when a relationship with an employee, contractor, or business is ended, especially if the relationship ends on less then congenial terms.
In this IBM Redguide™ publication, we discuss processes and procedures for offboarding individuals to help ensure that the access and entitlements are removed in a timely fashion to mitigate risks of data theft and other malicious activity. We also talk about the business risks that drive the need for offboarding processes and the required measurements to prove that the risks are being mitigated.
We present several control processes that need to be in place to mitigate the offboarding risks by using the IBM Security Blueprint. These processes are designed for companies who typically divide up offboarding responsibilities between HR, the IT organization, and IT system owners. Since different organizations may accept varying risk levels in regards to offboarding and they may want to investment differently for offboarding control processes, we introduce a maturity model that is designed to accommodate these differences. Finally, we sketch out some of the different products and services that can be applied to each of the maturity levels.
This guide is a valuable resource for business and HR leaders, security officers, consultants, and architects who wish to better understand and implement an employee offboarding process.
Table of contents
Introducing the IBM Security Framework and IBM Security Blueprint
Business risks in employee offboarding
Introducing control processes for employee offboarding
Introducing a maturity model for employee offboarding controls
IBM solutions to address maturity levels