A structured IT onboarding process sets up new employees for immediate productivity, ensures security compliance from day one, and prevents the common security gaps (forgotten MFA setup, excessive permissions, untrained on phishing) that create vulnerabilities. This checklist covers IT's responsibilities before, during, and after the new starter joins.
On this page
Pre-Start IT Preparation (5 Days Before)
0/9 complete
Day 1 Checklist
0/8 complete
Role-Based Access Provisioning
| Role / Department | Core Systems | Additional Access (by specific exception) | Access Review Frequency |
|---|---|---|---|
| Software Developer | M365, GitHub repo (team), Jira, Confluence, Dev VPN, AWS dev account | Production access (requires justification), GitHub admin | Quarterly |
| IT Operations / Sysadmin | M365, Internal AD admin, Azure portal (contributor), monitoring tools, VPN admin | AWS production admin, Active Directory domain admin | Monthly |
| HR / People Team | M365, HRIS (BambooHR/Personio), payroll system, Slack | Bulk employee data exports (requires manager + DPO), disciplinary case systems | Quarterly |
| Finance / Accounts | M365, Accounting platform (Xero/Sage/QuickBooks), expense system, payroll | Bank mandate access, signatory authority | Monthly |
| Sales / Customer Success | M365, CRM (HubSpot/Salesforce), Slack, Zoom, proposal tools | Customer data exports, API key access to customer systems | Quarterly |
| Marketing | M365, Slack, CMS, social media tools, analytics | Customer email list exports, ad accounts with spend capability | Quarterly |
| Executive / C-suite | All standard tools + executive reporting | Financial systems, board documents, all-hands communications | Monthly |
Software Developer
- Core Systems
- M365, GitHub repo (team), Jira, Confluence, Dev VPN, AWS dev account
- Additional Access (by specific exception)
- Production access (requires justification), GitHub admin
- Access Review Frequency
- Quarterly
IT Operations / Sysadmin
- Core Systems
- M365, Internal AD admin, Azure portal (contributor), monitoring tools, VPN admin
- Additional Access (by specific exception)
- AWS production admin, Active Directory domain admin
- Access Review Frequency
- Monthly
HR / People Team
- Core Systems
- M365, HRIS (BambooHR/Personio), payroll system, Slack
- Additional Access (by specific exception)
- Bulk employee data exports (requires manager + DPO), disciplinary case systems
- Access Review Frequency
- Quarterly
Finance / Accounts
- Core Systems
- M365, Accounting platform (Xero/Sage/QuickBooks), expense system, payroll
- Additional Access (by specific exception)
- Bank mandate access, signatory authority
- Access Review Frequency
- Monthly
Sales / Customer Success
- Core Systems
- M365, CRM (HubSpot/Salesforce), Slack, Zoom, proposal tools
- Additional Access (by specific exception)
- Customer data exports, API key access to customer systems
- Access Review Frequency
- Quarterly
Marketing
- Core Systems
- M365, Slack, CMS, social media tools, analytics
- Additional Access (by specific exception)
- Customer email list exports, ad accounts with spend capability
- Access Review Frequency
- Quarterly
Executive / C-suite
- Core Systems
- All standard tools + executive reporting
- Additional Access (by specific exception)
- Financial systems, board documents, all-hands communications
- Access Review Frequency
- Monthly
Remote Worker IT Setup Checklist
0/6 complete
Leavers / Offboarding IT Checklist
Offboarding failures are a major security risk
Former employees with active access have been responsible for data theft, sabotage, and unauthorised access incidents. Execute the leavers checklist on the employee's last day — not the week after.
0/11 complete