Technology Onboarding, Transfers, and Offboarding

Overview

This procedure ensures the secure, appropriate and timely technology onboarding of new hires, transfer of existing employees, and offboarding of those separating from the university. This procedure establishes governance for technology access, technology equipment, email distribution memberships, data protection, and responsibilities of supervisors and new/departing users at the time of onboarding and offboarding.

Technology resources are vital for employees and volunteers who depend on such technology for their job functions. The appropriate notifications to the Department of Information Technology ("IT") are vital to ensure employees have access to such resources promptly. Additionally, the appropriate notifications to IT are vital for transfers and departing users to ensure the protection of university resources from information security threats and to remain compliant with regulatory data protection and privacy requirements.

Onboarding

• New user account requests for employees, affiliated faculty, student workers or volunteers that require access to technology resources shall be made by Human Resources only. New user accounts will not be created without initiation from these offices.
• New user account requests for temporary contractors must be submitted via Guest Account Request Service. 
• IT shall conduct onboarding/offboarding overview sessions with supervisors to ensure awareness and compliance with the procedure.
• Computers, monitors, and desk phone hardware for new hires must be requested by their respective supervisor by the cutoff period specified in the IT Service Level Agreement (SLA). Failure to do so may result in inadequate hardware not being available on the new hire’s start date. Supervisors must request hardware for new employees by submitting an IT Account Request form (for computers) and a separate Accessory Request for monitors, keyboards and other accessories. Visit the Requesting a New NEOMED Employee Account/Computer page for information on how to access these forms. 
• Access to specific data/systems must be requested by the employee's respective supervisor. Supervisors should request data access using the IT Account Request form. Access should be requested by their respective supervisor by the cutoff period specified in the IT Service Level Agreement (SLA). Failure to do so may result in insufficient access upon the new hire’s start date. Requests for data and database access will require the appropriate approval from the data owners per the Information Security Program
• Supervisors and new employees are responsible for following technology onboarding instructions and completing required onboarding training. Supervisors should contact the IT Help Desk if instructions have not been provided prior to the new employee’s start date.
• New hires are responsible for reading the technology handbook, all technology policies on NEOMED's policy page, IT Service Level Agreement (SLA), and guidelines located on the IT intranet site.

Transfers to New Department

• Supervisors of users transferring to their department are responsible for notifying Human Resources of the transfer. Human Resources will initiate the IT account transfer request. This request is critical for information security. Transfer requests to IT will not be performed without initiation by Human Resources.
• The IT shall notify both the new and former supervisor of transferred employees of technology transfers, including hardware, software, and access transfers.
• Unless directed otherwise by the Chief Information Technology Officer ("CITO"), IT will own hardware/software used by employees and make final decisions regarding technology reassignments. 

Offboarding

• For NEOMED users that resign or separate from the organization voluntarily, Human Resources should be notified through the normal separation process. Human Resources shall initiate the technology account decommissioning process. Accounts will be deactivated on the separating employee’s last workday per Human Resources. Such user accounts will be deleted per the IT process after a set duration of an account being deactivated.
• Unless an exception is granted by the Chief Information Technology Officer ("CITO"), requests to keep accounts active beyond the indicated separation date shall not be honored and departing user access will not be kept active beyond the separation date. If the user is performing another position outside of the position they have separated from and must maintain some or all technology access to work, the current supervisor of the user is responsible for notifying Human Resources.
• In the event a user is dismissed involuntarily, the supervisor of the separating employee must immediately notify the CITO, Director of Information Security & Education Services, and the Human Resources department. Such immediate separations require time-sensitive action on technology access and equipment and require escalated processing by IT. To notify the IT personnel, use the escalation contact information available in the IT Service Level Agreement (SLA).
• Computers, monitors, and desk phones for separating employees must be returned to IT upon separation. Supervisors of separating employees are responsible for collecting the technology equipment and submitting a ticket for IT to pick up the equipment. Employees that intend on returning to the university after retirement must still return univeristy assets to IT upon separation. If hired in the future, technology will be provided in accordance with Onboarding procedures.
• Access to databases, email, and the network will be deactivated/removed on the date indicated in the HR Notification list. For involuntary terminations, all account access is deactivated immediately. Supervisors are responsible for understanding the implications of deactivated access before the separation date.
• IT shall notify the supervisor of the separating employee of offboarding information and responsibilities of the supervisor. Supervisors are responsible for ensuring that the new hire follows the information contained in the notification.
• Separating users are prohibited from copying or transmitting sensitive information from their University-issued technology resources to other locations. Doing so may violate policies such as the Acceptable Use Policy, Information Security Program, and related employee offboarding guidelines. Any confidential information authorized during the active work period must be returned to the university. Likewise, any personal mobile device with synced email must be removed from personal devices prior to the separation date.
• Users should not store personal files on the local hard drive of computers or on shared cloud drives. As such, requests to remove or transfer personal files prior to or after separation will not be honored. Intellectual Property approved by HR or General Counsel must be removed before the separation date. IT will not be responsible for retrieving Intellectual Property lost during the wiping or deactivation of accounts.