How Do I Make Sure a Former Employee No Longer Has Access to Company Systems?

When an employee leaves, most companies know to collect the laptop and turn off the email account.

That is a start, but it is rarely the whole story.

Today, employees may have access to dozens of systems: Microsoft 365, Google Workspace, accounting software, CRM platforms, shared folders, phone systems, password managers, vendor portals, remote access tools, social media pages, file-sharing sites, and industry-specific applications.

So the real question is not, “Did we disable their email?”

The real question is, “Can this former employee still get into anything?”

This matters whether the person left on good terms or not. Most access issues are not dramatic. They happen because nobody had a complete list of systems. HR assumed IT handled it. IT assumed the department manager knew about the apps. The manager assumed the employee only used email and files.

That is how access gets missed.

A good offboarding process starts with the main identity account. If the company uses Microsoft 365 or Google Workspace, disable the account, reset the password, revoke active sessions, and remove the employee’s MFA methods. That helps stop access across connected services.

Next, deal with email and files. Decide whether a manager needs access to the mailbox. Decide whether email should be forwarded, whether an auto-reply should be set, and who should own the person’s documents going forward. This step matters because important customer history, quotes, project notes, and vendor communication often live in one person’s inbox or cloud storage.

Then review business applications. This is where companies often miss things. Check accounting systems, CRM tools, payroll platforms, project management systems, quoting software, vendor portals, cloud dashboards, and any line-of-business applications the employee used.

If the employee had administrative access, slow down and review carefully. Admin access to email, websites, servers, firewalls, cloud platforms, or domain names should be removed immediately and documented.

Shared passwords are another common problem. If the former employee knew a shared login, change it. Better yet, use individual accounts wherever possible. Shared passwords make it difficult to know who accessed what and almost impossible to revoke access cleanly.

Do not forget devices. Collect laptops, desktops, tablets, phones, security keys, badges, and any company-owned equipment. If the employee used a personal phone or computer for company email or apps, IT may need to remove company data from that device.

The best solution is an offboarding checklist that HR, management, and IT all use. The checklist should include common systems, department-specific tools, equipment, data ownership, and final confirmation that access was removed.
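
As an added example (not part of the original article), here is one way to back the checklist's final confirmation with a check: compare the list of departed employees against account exports from each system and against the inventory of shared logins. The export columns, system names, email addresses, and dates are constructed assumptions for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from any real system).
DEPARTED = {"jsmith@example.com": date(2024, 3, 15)}  # email -> last day

# One account export per system; assumed columns: email,status,role,last_login
EXPORTS = {
    "identity": "email,status,role,last_login\njsmith@example.com,disabled,user,2024-03-14\n",
    "crm": "email,status,role,last_login\nJSmith@example.com,active,admin,2024-03-20\n",
    "accounting": "email,status,role,last_login\nakhan@example.com,active,user,2024-04-01\n",
}

# Shared logins: who knew the password and when it was last changed.
SHARED = [
    {"name": "vendor-portal", "known_by": ["jsmith@example.com"], "rotated": date(2024, 1, 10)},
    {"name": "social-media", "known_by": ["jsmith@example.com"], "rotated": date(2024, 3, 16)},
]

def audit(departed, exports, shared):
    """Return sorted (email, system, issue) findings for access that survived offboarding."""
    findings = []
    for system, text in exports.items():
        for row in csv.DictReader(io.StringIO(text)):
            email = row["email"].strip().lower()  # systems differ in letter case
            left = departed.get(email)
            if left is None:
                continue  # not a departed employee
            if row["status"].strip().lower() == "active":
                findings.append((email, system, "account still active"))
                if row["role"].strip().lower() == "admin":
                    findings.append((email, system, "admin role still assigned"))
            last = row["last_login"].strip()
            if last and date.fromisoformat(last) > left:
                findings.append((email, system, "login after departure"))
    for cred in shared:
        for email in cred["known_by"]:
            left = departed.get(email.lower())
            # A change on or before the last day is treated as not rotated.
            if left and cred["rotated"] <= left:
                findings.append((email.lower(), cred["name"], "shared password not rotated"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(DEPARTED, EXPORTS, SHARED):
        print(*finding, sep=" | ")
```

An empty result is the confirmation to record on the checklist. Any finding names the system and the reason it still needs attention.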

Former employee access is not just an IT cleanup task. It is a security issue, an operational issue, and sometimes a compliance issue. A clear process protects the business and makes transitions smoother for everyone involved.
