Controlling Risk by Implementing a New Employee On-boarding and Access Control Process

Small businesses have it easy when it comes to keeping track of new hires. A paper file and some signed checklists will do the job on that scale. A multi-million dollar company could never hope to manage an employee on-boarding and access control process in this way.

Controlling access to information is not just a good practice. It’s a requirement. Large contracts, especially large government contracts, have a multitude of strings attached. Missing a single stitch in the tight weave of an employee on-boarding and access control process can easily lead to the cancellation of a lucrative and secure contract.BPM (Business Process Management) software enables companies to control the resources that employees can access. That’s especially important in an IT position. Edward Snowden’s traipse through National Security Administration files while working as a contractor should give nightmares to the IT managers of any corporation, but employees don’t have to harbor some nefarious scheme to pose a risk to companies with trade secrets worth protecting. Standard practice is to have protective measures in place that employees are reasonably expected to follow. Specific contract requirements and nondisclosure agreements have been refined through decades of hard experience to provide these protections. BPM software simplifies the employee on-boarding and access control process by tracking training records and ensuring that permissions are adequately cancelled when off-boarding.

BPM software can track which employees have or have previously had access to sensitive company data. A BPM-controlled employee on-boarding and access control process provides the documentation that large companies need to show that responsible information security and risk management training has been provided.

A carefully documented employee on-boarding and access control process is crucial for limiting exposure to liability when a breach does occur. Cadres of lawyers will ask very pointed questions about how such a breach could happen, and companies must be able to answer swiftly and accurately with adequate documentation. Were IT employees appropriately trained to be aware of security risks? Did they have specific instructions on how to handle physical media that contained client data? If procedures were in place, were the employees aware of them? Did they follow those procedures?

The liability could be staggering for a multi-million dollar firm that fails to follow an established employee on-boarding and access control process, and following an employee on-boarding and access control process brings only limited benefit unless documentation can be provided.

About This Author

  • Luciano

    Hi brian. Do you know where can i download some template for process maker to do the access control? Regards

  • Liliana Iriarte

    Hi Luciano. We dont have a template like that at the moment, but if we have it available any time soon we will let you know.