In an ideal world, every new employee would begin in his or her new role on day one with everything needed to do the job: a security badge, work space, furniture, a phone, office supplies, any required equipment, and a laptop or desktop set up with all required applications, an email account, and access rights to all necessary enterprise systems.
While any number of things can go wrong and prevent such new-job nirvana, developing a comprehensive new employee onboarding process can maximize odds of first-day success and minimize the risk of new employees lacking any essential facilities, resources, equipment, or system access.
Identity and Access Solutions tools provides an ideal framework for designing, implementing, and optimizing complex processes like new employee onboarding. It provides a toolset that crosses functional boundaries; enables automation of tasks, scheduling, and approvals; and incorporates both quantitative and qualitative (employee feedback) metrics that support continual onboarding process refinement and improvement. Developing the onboarding process starts by envisioning the end state (a fully provisioned employee, ready to be productive from the start) and working backward to identify all of the activities that need to happen in order to achieve that outcome.
What are the tasks involved? Who needs to provide approval for each purchase or activity? Which departments and individuals are involved? What are the timelines (e.g., item A has to ordered one week before employee start date) and prerequisites (e.g., specification precedes approval, which is required for purchasing, which must happen before installation)?
Next, assemble the team (all process owners who need to be involved) and use graphical tools to map out task trees. Look for opportunities to automate processes wherever possible, and remove (or at least account for) bottlenecks. Finally, test the process from end to end, to assure the right people receive the right notifications at the right time, and underlying systems involved in the process (ITSM, HR, facilities management, payroll, etc.) are properly and accurately updated by the Identity and Access Management engine.
Of course, the onboarding process is unique for each role, in each location; provisioning a new sales representative in a regional office is much different from setting up a new accounting manager at corporate headquarters.
Still, much of the process may be common across jobs. Another advantage of using an IDENTITY AND ACCESS SOLUTIONS TOOL strategy for employee onboarding is the ability to clone process workflows and modify them as needed to address different circumstances. This greatly simplifies the process of developing onboarding processes for each additional role.
Glitches can always happen of course, and everything may not be perfectly in place for every new employee on day one. But utilizing the IDENTITY AND ACCESS SOLUTIONS TOOL framework for onboarding provides a structure that minimizes the risk of any balls being dropped. Particularly for large organizations that frequently bring on new employees, IDENTITY AND ACCESS SOLUTIONS TOOL helps assure those individuals have what they need to feel comfortable in their roles and be productive right out of the gate.
The enterprise user offboarding process is the ugly stepbrother to an organization's user onboarding provisioning process. Everyone's more than willing to follow the proper procedures and can generally be found standing over the provisioning administrator's desk when they need access to an IT resource they needed yesterday. But when it comes to removing access due to a changing job role or someone leaving the organization, IT is notified to revoke access whenever department authorities get around to it. This translates, in many cases, to access never being removed.
So how do enterprises ensure system administrators and provisioning systems get notified in a timely manner when it's necessary to remove someone's access? As mentioned, HR isn't the best source of record and they aren't always timely with their notifications. This lag in user access in provisioning generally isn't intentional but has to do with HR's service-level agreements (SLAs) with the organization. HR normally has an SLA of adjusting personnel records one day before the payroll is processed. If the company pays its employees on a bi-weekly period, a person exiting the organization on the day after the payroll is processed may not have his or her change processed for 12 days. In the meantime, the person's network access and accounts would remain active.
The best way of de-provisioning users in a timely manner requires a three-pronged approach. The first thing that must be done, and generally the hardest to accomplish, is to raise the flag by focusing attention on the problem and making executive management aware of the risks posed by having " accounts within the organization's business systems. Within today's Internet business model, it's easy to research and document the high costs to organizations through data loss and reputation and monetary costs when they have been sloppy in managing user access. Informing the organization's management will help to gain recognition and compliance for whatever solutions are proposed, as it's the duty of IT security departments to inform executives of the potential risks facing an organization.
the next step is to implement a separate de-provisioning notification process outside of the HR environment. This generally involves creating an internal "de-provisioning" website where managers can easily - emphasis on easily - access and report on user job changes and exits. The tools to create the site, logic and workflows for executing user changes are built into all modern provisioning systems and require no additional licensing or software costs.
Finally, the last step is to ensure user managers notify the provisioning team in a timely manner. This is where the value of Step 1 and Step 2 come in. As part of the briefing process for executive management, the IT group should request that compliance with this key process be formally communicated from the top-down. Not only should management stress the value of this action, but the IT group should also make a commitment to periodically report to department managers the statistical tracking numbers of current employees so IT can gauge the level of compliance with this process. This is an effective method to ensure that middle and lower management cooperate. During this process, IT should also provide training to the organization's managers on how to access and use the site in Step 2. This allows a balance to exist between the process of compliance and the advantage of making it easy to report on changes. If the site is user-friendly and requires a minimal amount of time to report changes, managers will generally be willing to incorporate this task into their daily routines.
The disclaimer to this response is that not all people like to follow the rules, but with good communication among an organization's managers and enforcement, this problem can be greatly reduced, if not completely eliminated.
Click Here to Download
Sutton Plaza, 1373 Broad St Suite 207
Clifton, NJ 07013