This page outlines Vertic’s Account Deactivation and Applications Access Removal Process. By following this process, we can ensure that all systems and applications access is securely removed for departing employees, reducing the risk of unauthorised access and potential security breaches.

Preparation

• Create an Access Inventory:

  • Compile a list of all systems, applications, and services the employee has access to

  • Identify any personal or shared accounts the employee might have used

Communication and Coordination

• Notify IT Department:

  • Provide IT with account and systems for deactivation

• Notify Accountants:

  • Notify accountants to update the employee's last working day for the pay cycle

  • Disable employee access to Xero

• Set Timing:

  • Coordinate the exact time for deactivation to align with the end of the employee's last working day

Deactivation Actions on Last Working Day

• Network and Email Access:

  • Network Access: Disable Google Apps access via Google Admin console. This will fully disable all access to the following:

    • Email

    • All File Access (via Google Drive)

    • All Google App Access (Docs, Sheets, Slides, Calendar)

  • Email Account: Set up forwarding or auto-reply if needed

• BitWarden Password Manager:

  • Remove access to BitWarden

• Corporate Applications:

  • Finance Systems: Revoke access to Xero Employee Portal

  • Salesforce: Disable access to Vertic Salesforce instance (if exists)

• Communication Tools:

  • Slack: Deactivate Slack user account

  • JIRA: Remove access to project management tool JIRA

• Developer and Technical Tools:

  • Version Control: Revoke access to GitHub code repositories

  • CI/CD Pipelines: Remove access to Copado continuous integration/continuous deployment tool

• Asset Register:

  • Update the Vertic Asset Register to reflect changes

Post-Termination Verification

• Audit and Verification:

  • Cross-check: Verify that all accounts and accesses listed in the inventory have been deactivated.

  • Check Logs: Review system logs to ensure no unauthorised access attempts.

• Account Closure:

  • Close Accounts: Fully close and archive accounts where applicable to prevent future access.

• Reallocation:

  • Reassign Ownership: Transfer ownership of any documents, files, or projects to other team members

    • This is completed via the Google Admin console

Detailed Deactivation Checklist

Please complete the relevant steps below:

Network and Email

BitWarden Password Manager

Corporate Applications

Cloud Services

Communication Tools

Developer and Technical Tools

Asset Register

Post-Termination Verification