# Employee Offboarding

External services that need to be deactivated or disabled when an employee is offboarded.

### All Empoyees

- [Active Directory](#)
- [LastPass](#)
- [Slack](#)
- [Teamviewer](#)

#### The following shared credentials must be rotated (if applicable):

- Wireless access point shared keys (Update LastPass share, notifiy location)
- [Internal Project Admin accounts](#)
- [External Shared Accounts](#)

#### Physical assets:

- RFID key card must be deactivated and destroyed (even if returned)
- Yubikeys must be returned (see [Yubikey asset tracking sheet](#))
- Laptops (see [Laptop asset tracking sheet](#))
- Work phone (if applicable, see [Phone asset tracking sheet](#))

### Development, IT, and Support

#### The following accounts must be deactivated:

- [PagerDuty](#)
- [Zendesk](#)
- [Basecamp](#)

#### The users must be disassociated or removed from our organization at:

- [Github](#) (See [username to employee mapping sheet](#))
- [Codacy](#)

#### The following 3rd party credentials must be rotated:
- Customer VPNs (See [Customer Remote Access tracking sheet](#))
- Customer SFTP credentials
- EasyPost API Tokens
- Sendgrid API Tokens

#### Other processes:
- SSH public keys must be removed from VMs and revoked from all authorized_keys files
- Any database users need to be removed