Small businesses have it easy when it comes to keeping track of new hires. A paper file and some signed checklists will do the job on that scale. A multi-million dollar company could never hope to manage an employee on-boarding and access control process in this way.
BPM software can track which employees have or have previously had access to sensitive company data. A BPM-controlled employee on-boarding and access control process provides the documentation that large companies need to show that responsible information security and risk management training has been provided.
A carefully documented employee on-boarding and access control process is crucial for limiting exposure to liability when a breach does occur. Cadres of lawyers will ask very pointed questions about how such a breach could happen, and companies must be able to answer swiftly and accurately with adequate documentation. Were IT employees appropriately trained to be aware of security risks? Did they have specific instructions on how to handle physical media that contained client data? If procedures were in place, were the employees aware of them? Did they follow those procedures?
The liability could be staggering for a multi-million dollar firm that fails to follow an established employee on-boarding and access control process, and following an employee on-boarding and access control process brings only limited benefit unless documentation can be provided.