Control deployment and execution
The control processes for the employee offboarding scenario require a centralized IT infrastructure and centralized information services about employees, contractors, business partners, and so on, which are described in the following sections. Once the infrastructure is in place, a set of business processes to support the offboarding security policy can be described.
The business processes to implement the employee offboarding scenario are shown in Figure 5 and described in the following sections:
Identity management processes
[Figure 5 diagram. Labels recoverable from the figure: HR Systems; HR Processes; On/Off-boarding Trigger; On/Off-boarding Event Queue; On/Off-boarding Service Bus; HR Event Subscriber; HR Event Subscriber Queue; Outsourced service; Directory Update Application; Master Directory; Recently Deleted Entities Directory; Directory Processes; Emergency Block Application; Block List; Internal Identity Management; IT Systems; Servers; Identity Management Processes; Off-boarding Event Audit Server; Compliance Tracing Processes]
Figure 5 Business processes to implement employee offboarding
The HR processes represent the sources of HR events. In this particular control, we are primarily interested in HR events that indicate that an employee has left the organization. From an HR perspective, there may be many different HR offboarding processes for different types of employees, contractors, business partners, and so on. For the purposes of our discussion, this scenario assumes that the HR offboarding processes can be grouped into two main categories: Normal Termination of Employment and Emergency Block.
Trusted sources of personnel information
Most companies need to plan for multiple independent HR systems within the organization. This can happen because different departments manage different types of relationships (employees, contractors, business partners, and so on) or because of mergers, acquisitions, and other business ventures.
To ensure completeness, the IT organization must identify all of the relevant HR systems that manage the termination of relationships. These systems are the trusted sources of personnel information.
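The following is an added example, not part of the original paper, of a completeness check across several trusted HR sources: it reconciles enabled directory accounts against every source and flags accounts whose owner is terminated in all of them or is unknown to any of them. The source names, record fields, identifiers, and sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data. Source names, record fields and IDs are hypothetical.
HR_SOURCES = {
    "hr_employees": {
        "e1001": {"status": "active", "end": None},
        "e1002": {"status": "terminated", "end": date(2024, 3, 1)},
        "e1003": {"status": "terminated", "end": date(2024, 2, 15)},
    },
    "hr_contractors": {
        "e1003": {"status": "active", "end": None},  # same person, new contract
        "c2001": {"status": "terminated", "end": date(2024, 1, 31)},
    },
}
DIRECTORY = [
    {"account": "alice", "person_id": "e1001", "enabled": True},
    {"account": "bob", "person_id": "e1002", "enabled": True},
    {"account": "carol", "person_id": "e1003", "enabled": True},
    {"account": "dave", "person_id": "c2001", "enabled": False},
    {"account": "erin", "person_id": "p3001", "enabled": True},
]


def reconcile(directory, hr_sources):
    """Return {account: (finding, last_end_date)} for enabled accounts at risk."""
    findings = {}
    for entry in directory:
        if not entry["enabled"]:
            continue  # already blocked or deprovisioned
        pid = entry["person_id"]
        records = [src[pid] for src in hr_sources.values() if pid in src]
        if not records:
            # No trusted source knows this person: either an orphaned account
            # or an HR system that was never identified as a trusted source.
            findings[entry["account"]] = ("no_trusted_source", None)
        elif all(r["status"] == "terminated" for r in records):
            # Every relationship has ended but the account is still enabled.
            last_end = max(r["end"] for r in records)
            findings[entry["account"]] = ("terminated_still_enabled", last_end)
        # Active in at least one source: access may still be legitimate.
    return findings


if __name__ == "__main__":
    for account, (finding, last_end) in reconcile(DIRECTORY, HR_SOURCES).items():
        print(account, finding, last_end)
```

A `no_trusted_source` finding is worth investigating in both directions: the account may be orphaned, or the person may be managed in an HR system that has not yet been registered as a trusted source.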
Using the IBM Security Blueprint to Address Business Risks for Employee Offboarding