Friday, January 24, 2014

HR’s Role in Identity and Access Management

In today’s complex business environment, one task that can seem more elusive to automate than it actually is is granting employees access to the company’s network, email system and other applications.

In most organizations, hiring managers send paper forms or emails to members of the HR or IT departments to initiate this process. The result is manual entry into the requisite applications for on-boarding employees, and delays of a few hours to several days or weeks before an employee actually receives full access to all systems and can navigate the organization’s internal systems.

In the meantime, newly hired employees never reach the productivity levels they could have reached had their rights been established properly from the beginning. The result is often waning enthusiasm for the new job because employees have become mired in the system.

A similar scenario often unfolds when an employee leaves the organization. Phone calls and emails start the process of deactivating the access rights, but delays and lapses are inevitable and can lead to a huge security risk: the departing employee’s accounts remain active long enough for that person to access private organizational information.

Solving the New Hire Access Dilemma

In the vast majority of cases, members of the HR department are the first or second to know when an employee is to be hired. The department’s employees typically enter the new hire’s profile into the HR system with all appropriate data (department, employee number, manager, etc.), and in some cases they send an email to the IT department letting them know that a network access account and an email account need to be created. The IT department may need to go back to the hiring manager for approvals and any special access instructions that must be met.

With automation, the simple entry of the new employee record in the HR system can trigger the creation of the account in Active Directory and the email application. Further, a workflow process can be started whereby the hiring manager receives the employee’s login credentials and a link to an internal website where special access can be requested. Once the manager completes the form, a further workflow can be sent if additional approval levels are required, with the final step being a notification for IT to finish the provisioning.

For example, Lifestyle Hearing, a Hawkesbury, Ontario-based company with 70 locations throughout Canada, automated this very process. The company rapidly expanded to more than 130 employees, which created many complications for the IT group. New departments and roles also needed to be created on a regular basis. Since it started as a small company, many employees had responsibilities spanning several roles, which required definition as the company grew.

This meant that user accounts needed to be created in multiple systems and tighter controls needed to be put in place. The task took about 30 minutes per employee, but only if all the correct information was provided from the beginning. If not, the employee needed to be tracked down in an attempt to get the information, followed by a wait for a response, which could take an unlimited amount of time.

Lifestyle Hearing administrators knew it was critical to ensure all information was correct, but the process took too much time from too many people for it to be productive or worthwhile and had become a major drain on the organization.

Prior to putting an automated system in place, IT was a bottleneck because employees in the department often had to handle other important tasks and were not able to create accounts quickly for new employees. With account management automated, HR now has controlled access to a web-based form for creating an account, which allows the IT department to easily enter the employee’s information, define user profiles and determine which systems the employee needs access to.

Lifestyle Hearing previously had a four- to five-day window for employee account creation, but by automating, employees are now able to have their accounts before their first day and start working on day one.

Expediting Employee Access Termination

Just as important as providing new employees with prompt network access is ensuring that employees leaving an organization have their access to network accounts, email and other applications revoked in a timely fashion. While most employees leave on good terms, an upset or contentious employee can potentially cause damage to data or perform a mass emailing to clients, among other malicious actions.

By automating, a manager can visit a web page and immediately revoke the network and email account access of all terminated employees, or can put a termination date in the HR system and have an automated process kick off on the appropriate date.

It is critical to the organization that departing employees have their access rights terminated in a timely fashion. To ensure this process runs smoothly, managers can access forms that allow them to search for an employee and revoke rights on demand. Another process runs once this action occurs to ensure emails are forwarded to the correct manager and any files left on the network are shared appropriately for review. This ensures continuity for any clients or projects the terminated employee may have been working with.
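The on-boarding and termination flows described above both depend on the HR system and the directory staying in agreement. The following Python example is an added illustration, not part of the original post or of any vendor's product; it reconciles an HR export against directory accounts to flag accounts still enabled past a termination date, enabled accounts with no HR record, and upcoming hires with no account. All records, field names and the `lead_days` parameter are constructed assumptions.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not a real HR or AD schema.
HR_RECORDS = [
    {"emp_id": "1001", "name": "A. Tremblay", "start": date(2013, 5, 6), "term": None},
    {"emp_id": "1002", "name": "B. Roy", "start": date(2012, 3, 1), "term": date(2014, 1, 10)},
    {"emp_id": "1003", "name": "C. Singh", "start": date(2014, 1, 27), "term": None},
    {"emp_id": "1004", "name": "D. Wong", "start": date(2011, 9, 12), "term": date(2014, 1, 31)},
]
DIRECTORY_ACCOUNTS = [
    {"emp_id": "1001", "login": "atremblay", "enabled": True},
    {"emp_id": "1002", "login": "broy", "enabled": True},    # terminated, still enabled
    {"emp_id": "1004", "login": "dwong", "enabled": True},   # termination date not yet reached
    {"emp_id": None, "login": "svc-scan", "enabled": True},  # no HR record behind it
]

def reconcile(hr_records, accounts, today, lead_days=3):
    """Compare the HR system of record with directory accounts as of `today`."""
    hr_by_id = {r["emp_id"]: r for r in hr_records}
    acct_ids = {a["emp_id"] for a in accounts if a["emp_id"]}
    findings = {"revoke_now": [], "orphaned": [], "provision": []}
    for a in accounts:
        rec = hr_by_id.get(a["emp_id"])
        if rec is None:
            # Enabled account that no HR record accounts for.
            if a["enabled"]:
                findings["orphaned"].append(a["login"])
        elif a["enabled"] and rec["term"] and rec["term"] <= today:
            # Termination date reached but access not revoked: report lapse in days.
            findings["revoke_now"].append((a["login"], (today - rec["term"]).days))
    for r in hr_records:
        active = r["term"] is None or r["term"] > today
        starts_soon = (r["start"] - today).days <= lead_days
        if active and starts_soon and r["emp_id"] not in acct_ids:
            # Hire starting within lead_days (or already started) with no account.
            findings["provision"].append(r["emp_id"])
    return findings

if __name__ == "__main__":
    report = reconcile(HR_RECORDS, DIRECTORY_ACCOUNTS, date(2014, 1, 24))
    for kind, items in report.items():
        print(kind, items)
```

Run daily against real exports, the `revoke_now` list measures the deprovisioning lapse directly, and an empty list is evidence that the termination workflow fired on time.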

As the HR department is always involved with employee hiring and terminations, it makes sense to have them involved in the process of granting and revoking network and email access. Available systems make the impact negligible, so as not to occupy more of the HR professional’s valuable time.

For more information, please visit our website.
