IT Hardware Onboarding & Offboarding

Why This Procedure Is Worth Writing Down

Joiner-mover-leaver checklists usually live in HR systems, written from HR's point of view. The IT side is implied: "issue equipment", "recover equipment". That gap is the single largest source of ghost assets, late deployments, and the "we never got our laptop back" problem six months after someone leaves.

This procedure is the IT counterpart to HR's onboarding and offboarding flows. It assumes someone else owns the HR side; what it covers is the hardware events, who owns each one, when they happen, and what gets recorded in HAM. The goal is a procedure short enough to be followed and structured enough that nothing slips through.

Onboarding: T-Minus Five to Day Plus Seven

T-5 to T-3 Business Days Before Start

The HR system or the hiring manager has signaled a start date. Before the new hire shows up, IT needs:

• Role-based equipment selection. Which standard kit fits this role? Engineering laptop, sales laptop, executive kit, hot-desk pool — the choice should be a lookup, not a conversation.
• HAM availability check. Is the right model in the spare pool, or does a new device need to be procured? If procurement is needed, the start date is the deadline.
• Allocation in HAM. The selected device transitions from In Storage to In Preparation with the new hire's name as the planned assignee. Doing this early stops two managers from claiming the same device.

T-3 to T-1 Day Before Start

• Image and configure. Standard OS image, MDM enrollment, encryption verified, endpoint protection installed, browser bookmarks for company tools, VPN client configured.
• Asset tag. Physical tag applied; tag ID and serial number cross-checked against the HAM record.
• Account preparation. The new hire's directory account, mailbox, and access groups are ready. A configured laptop with no account to log into is a wasted morning.
• Pack accessories. Charger, mouse, headset, ergonomic items per role. Tracked in HAM if above the threshold; tracked as consumables otherwise.

Day 0: Start Date

• Handoff. In office: the new hire collects the device from IT. Remote: the package was shipped to arrive on or before today (see the remote work guide for the shipping playbook).
• Acknowledgement. The new hire signs an acceptable-use acknowledgement linked to the asset record. Digital signatures with a timestamp are fine; on-paper signatures get scanned and attached. The signed acknowledgement is the evidence that survives the next ISO 27001 audit.
• Status change in HAM. Device transitions from In Preparation to Deployed. Assigned User, Assignment Date, and Location are populated; the transition should be rejected by the system if any of those is missing (see the data model guide on transition rules).

Day 1 to Day 7

• First-week support. A scheduled check-in with the new hire — usually a single help-desk ticket — catches anything missed in setup. This is also when peripheral requests come in.
• Inventory verification. The new hire confirms the asset tag matches what HAM says. Catching swapped tags in the first week is much easier than catching them in next quarter's audit.
• Standard kit complete. If anything was on backorder, it ships during this window and gets recorded against the same user.

Offboarding: T-Minus Notice to T-Plus Recovery

Offboarding has two flavours: planned (resignation, end of contract, retirement) and unplanned (termination, sudden departure). Both produce the same end state but on different timelines and with different risk profiles.

Planned Offboarding

On Notice

• HR signal. HR notifies IT of the last working day. The longer the notice, the smoother the recovery.
• HAM lookup. Run the report "show all assets assigned to this user". For a tenured employee, expect more than one device — laptop, phone, dock, monitors, ergonomic accessories above the threshold.
• Return plan. In office: schedule a drop-off on the last day. Remote: order a prepaid return kit with packaging and a labeled shipping envelope; have it arrive a week before the last day.

Final Week

• Data offload. Confirm the leaver has moved any business-relevant local files to shared storage. Personal files are theirs to remove; the company laptop is not their backup.
• Manager handover. The leaver's manager confirms which work-in-progress files and accounts need to be transferred. This is usually broken if it's left to the last morning.

Last Day

• Account disable. Coordinated with HR. Disable, do not delete; deletion comes later per the retention schedule.
• Device collection. Physical handoff or pickup of the prepaid shipping kit.
• HAM transition. Device moves from Deployed to In Storage only after physical receipt is confirmed. Marking it returned before the device arrives is how planned offboarding silently produces ghost assets.

Day +1 to Day +7

• Receipt and inspection. When the device arrives, verify the serial number against HAM, inspect for damage beyond normal wear, and document any discrepancy.
• Wipe and reimage. The device is sanitized to internal-reuse standard, reimaged to the standard build, and returned to the spare pool. The ITAD guide covers when sanitization needs to be at the higher Purge or Destroy levels.

Unplanned Offboarding (Termination)

Compressed timeline, higher risk of non-return. The procedure is the same shape but everything happens on Day 0.

• Account disable at the moment of notification. This is the security half of offboarding and must not wait for the hardware half.
• Remote lock, not remote wipe. Locking the device prevents continued use without destroying the leaver's personal files. Wiping prematurely creates legal exposure if personal data was on the device.
• Return demand within 24 hours. Email and phone, with a prepaid shipping label and a clear deadline (typically five business days).
• Escalation if not returned. Day 6: certified letter. Day 15: legal notice. Day 30+: depending on jurisdiction and value, payroll deduction (where lawful), insurance claim, or police report. The remote-work guide's non-return prevention strategies apply here.
• HAM status during this window. Device moves from Deployed to a tracking state — many organizations use Pending Return as a sub-state of Deployed — until physical receipt or a final write-off decision.

Edge Cases the Standard Checklist Forgets

Contractors and Vendors

Contractors often get hardware on a different track than employees. The trap is treating "contractor" as a status that doesn't trigger the same lifecycle rigor. The right pattern:

• Contractors get a Deployed record with their name and a contract end date in HAM.
• The contract end date triggers the same recovery workflow as an employee separation.
• Renewals extend the date in HAM; without a renewal, the device is recovered at end-of-contract whether or not anyone has explicitly told IT.

Internal Transfers (Movers)

An employee moves from one department to another but keeps their laptop. The hardware doesn't change; the cost-center and possibly the location do. The HAM update is small but easy to skip:

• Cost-center field updates to the new department.
• Location detail updates if the desk moved.
• Reporting-line / manager field updates if HAM tracks it.

Skipping this update produces wrong cost-allocation reports next month and a "we don't know who supports this device" call when something breaks.

Leave of Absence

An employee on extended leave — parental, medical, sabbatical — keeps the device but isn't using it. The right treatment depends on the expected duration:

• Up to ~12 weeks: device stays with the employee. No HAM change beyond a flag if the system supports one.
• Longer leaves: recover the device into the spare pool, reissue on return. Avoids paying support contracts on a device nobody is using and reduces theft/loss risk.
• Indefinite leave: treat as a planned offboarding with the device returning to inventory; reissue if and when the employee comes back.

Role Changes Without a Move

Promotion or role change that doesn't involve a department transfer can still affect equipment. A graduate moving into a senior role might qualify for a different standard kit; a sales rep moving into engineering might need different hardware. The procedure: HR signals the role change, IT checks whether the new role's standard kit differs from the current one, and a swap (with the same offboarding-on-the-old-device, onboarding-on-the-new-device shape) is scheduled.

Acquisitions and Mergers

Acquired employees come with their existing hardware. The choice is to absorb (bring everything into HAM, possibly reimage) or replace (recover the acquired devices, issue standard kit). Both are valid; the trap is doing neither, which leaves a population of un-tracked devices on the network for years.

Deceased Employees and Other Sensitive Cases

Hardware recovery from deceased employees, employees on extended legal leave, or employees in disciplinary action follows the same mechanical procedure but with HR and legal in the loop on timing and tone. The mechanics — return, wipe, redeploy — do not change; the communication around them does.

The Procedure as a Checklist

The full procedure compressed to one screen, suitable for printing and putting next to the asset coordinator's desk.

Onboarding

• ☐ HR notice received with start date and role
• ☐ Standard kit identified for the role
• ☐ HAM allocation: device moved to In Preparation with planned assignee
• ☐ Imaged, configured, MDM-enrolled, encryption verified
• ☐ Asset tag applied; tag ID matches HAM
• ☐ Accessories packed; consumables noted
• ☐ Day 0 handoff or shipment delivered
• ☐ Acceptable-use acknowledgement signed and attached to record
• ☐ HAM: Deployed, with assigned user, date, location
• ☐ Day 1-7 check-in completed; tag verified by user

Offboarding

• ☐ HR notice received with last working day and reason
• ☐ HAM lookup: all assets assigned to leaver listed
• ☐ Return method scheduled (drop-off or prepaid kit)
• ☐ Last-day account disable coordinated with HR and security
• ☐ Devices physically collected or shipment received
• ☐ Receipt verified; serial numbers cross-checked; condition noted
• ☐ Sanitized to internal-reuse standard (or higher per data classification)
• ☐ Reimaged and returned to spare pool, OR retired per condition assessment
• ☐ HAM: In Storage or Retired, with date
• ☐ For non-returns: escalation timeline started; weekly status until resolved

Metrics That Tell You the Procedure Is Working

• Time to deploy on hire: hours between Day 0 and the first successful sign-in. Target: same business day for office, within 2 days for remote.
• Acknowledgement coverage: percentage of Deployed assets with a signed acceptable-use record on file. Target: 100% for assets deployed in the last 12 months.
• Return rate on planned separations: assets returned divided by assets that should have been returned. Target: ≥98%.
• Return rate on terminations: same calculation, separate target. Target: ≥85%; below that, escalation processes need work.
• Time-to-recovery: days from last working day to In Storage status in HAM. Target: ≤10 days for ≥90% of separations.

Tracked over time, these metrics surface the workflows that are actually broken. If acknowledgement coverage is low, the day-0 process drops the signature. If return rate is fine but time-to-recovery is long, the receiving and inspection step is the bottleneck.

Integration Points

The procedure depends on a small number of integrations to scale beyond a few hundred employees:

• HRIS to HAM: joiner / mover / leaver events trigger HAM workflows. Even a daily CSV is enough; real-time API is better.
• HAM to identity: the assigned user in HAM matches the directory ID, so the assignment record stays correct when the user's name changes.
• HAM to ticketing: hire requests open a deployment ticket; separation events open a recovery ticket. The ticket is the queue; HAM is the source of truth.
• HAM to MDM/discovery: the device's last check-in confirms the user is still using it, and flags devices that have gone dark.

Without these integrations the procedure still works but requires manual handoffs that produce most of the failure modes above. The best-practices guide covers the integration patterns at the wider HAM level.

Next Steps