X hits on this document





12 / 28

Control deployment and execution

The control processes for the employee offboarding scenario require a centralized IT infrastructure and centralized information services about employees, contractors, business partners, and so on, which are described in the following sections. Once the infrastructure is in place, a set of business processes to support the offboarding security policy can be described.

The business processes to implement the employee offboarding scenario are shown in Figure 5 and described in the following sections:

  • HR processes

  • Directory processes

  • Identity management processes

HR Syst em s

Directory Updat e Ap pl ica tio n

Ma s te r Di r e ct or y

  • O

    n/ O ff -

b o ar d i n g Trigger

  • O

    n /O f f-

boar i ng

Ev e n t Q u eu e

H R Ev en t Subsc i ber


  • O

    u ts o ur c ed s e rv ice

pro iders

H R Ev en t Subsc i ber Queue

H R Ev en t Subsc i ber


E mergency Block Ap p lic at io n

Blo c k Lis t

Recent ly Deleted Enti ties Direct ory

On/ Of f-boarding Ser ice B us

Internal Ident i y Management

IT S ystems

H R Pr o ce ss e s

D ir ec to r y Pr oc e ss es

Se r ve r s Identity M anagement Processes

Of f-boarding Event Audit S erver

Compl iance Trac i ng P rocesses

Figure 5 Business processes to implement employee offboarding

HR processes

The HR processes represent the sources of HR events. In this particular control, we are primarily interested in HR events that indicate that an employee has left the organization. From an HR perspective, there may be many different HR offboarding processes for different types of employees, contractors, business partners, and so on. For the purposes of our discussion, this scenario assumes that the HR offboarding processes can be grouped into two main categories: Normal Termination of Employment and Emergency Block.

Trusted sources of personnel information

Most companies need to plan for the fact that there may be multiple independent HR systems within the organization. This can be due to the fact that different departments manage different types of relationships (employees, contractors, business partners, and so on) or due to mergers and acquisitions and other business ventures.

In order to ensure completeness, the IT organization must identify all of the relevant HR systems that manage the termination of relationships. These systems are the trusted sources of personnel information.


Using the IBM Security Blueprint to Address Business Risks for Employee Offboarding

Document info
Document views73
Page views74
Page last viewedThu Oct 27 21:03:11 UTC 2016