Client Onboarding and Offboarding Policy
1.0 Purpose
This policy defines the standardized processes and security requirements for onboarding new clients into Precision Computer's management and offboarding clients upon termination of the service agreement. A consistent and secure process for both onboarding and offboarding is critical to ensure smooth service transitions, establish necessary security controls, manage access effectively, protect client and Precision Computer data, and meet contractual and legal obligations during these crucial phases of the client lifecycle.
2.0 Scope
This policy applies to all Precision Computer personnel involved in the sales, service delivery, technical support, billing, and administrative functions related to initiating services for new clients and terminating services for existing clients. It covers all technical, administrative, security, and data handling procedures associated with client onboarding and offboarding.
3.0 Policy Statements
3.1 Client Onboarding Process
The onboarding process transitions a new client from sales closure to active service management. Key steps include:
1. **Contract Finalization & Handover:** Ensure service agreements, SLAs, and statements of work (SOW) are finalized and signed. Handoff from Sales to Service Delivery/Onboarding Team.
2. **Information Gathering:** Collect necessary technical details about the client's environment, existing infrastructure, user base, critical applications, third-party vendors, and specific requirements or compliance needs through structured discovery processes (questionnaires, interviews, initial scans).
3. **Account Setup:** Create client records in relevant Precision Computer systems (PSA, RMM, Billing, Documentation Platform).
4. **Credential Establishment:** Securely establish necessary administrative credentials for Precision Computer access to the client environment, adhering to the Client System Access Control Policy (unique credentials, MFA where applicable). Obtain necessary client approvals.
5. **Tool Deployment:** Deploy required Precision Computer management tools (e.g., RMM agents, monitoring tools, security agents) onto client systems according to standard procedures and client agreement.
6. **Baseline Configuration & Assessment:** Perform initial system assessments, apply agreed-upon baseline security configurations (where applicable), and establish initial monitoring and backup configurations based on the SOW.
7. **Documentation:** Document the client's environment, configurations, credentials (securely stored), procedures, and points of contact within the designated Precision Computer documentation platform.
8. **Welcome & Introduction:** Formally introduce the client to support procedures, points of contact, and reporting mechanisms.
9. **Service Activation:** Formally commence service delivery according to the agreed-upon start date.
3.2 Client Offboarding Process
The offboarding process formally concludes the service relationship with a client. Key steps include:
1. **Notification & Planning:** Receive formal termination notice and confirm the final service date. Plan the offboarding timeline and tasks.
2. **Data Return/Destruction:** Execute data handling procedures as defined in the client agreement and the Client Data Management Policy. This includes:
* Securely returning client-owned data managed by Precision Computer (e.g., backups, cloud data) to the client in an agreed format.
* Securely sanitizing/destroying any client data residing solely on Precision Computer systems according to the Technology Equipment Disposal and Data Sanitization Policy upon contract termination and confirmation from the client.
3. **Credential Revocation:** Revoke all Precision Computer administrative and user access credentials within the client's environment (e.g., disable service accounts, remove VPN access). This must be coordinated with the client.
4. **Tool Removal:** Uninstall all Precision Computer management tools (RMM agents, monitoring agents, security agents) from client systems, unless contractually agreed otherwise (e.g., client purchases licenses).
5. **Configuration Removal:** Remove client-specific configurations from shared Precision Computer infrastructure (e.g., firewall rules, monitoring checks, backup jobs) after service termination.
6. **Final Reporting:** Provide final service and asset reports to the client as required by the contract.
7. **Final Billing:** Ensure all outstanding service fees are invoiced and processed.
8. **Documentation Archival:** Archive relevant client documentation according to the Record Retention Schedule.
9. **System Deactivation:** Deactivate client records in active Precision Computer management systems (PSA, RMM) after the final offboarding steps are complete.
3.3 Security and Data Handling During Transitions
* All data handling during onboarding (collection) and offboarding (return/destruction) must comply with the Client Data Management Policy.
* All access established during onboarding and removed during offboarding must comply with the Client System Access Control Policy.
* Secure methods must be used for transferring credentials or sensitive configuration data.
4.0 Responsibilities
* **Sales Team:** Responsible for finalizing contracts and initiating the handover to onboarding teams.
* **Onboarding Team/Project Manager:** Responsible for coordinating and executing the onboarding process according to this policy.
* **Technical Teams:** Responsible for tool deployment, configuration, credential setup, technical assessments during onboarding, and technical removal tasks during offboarding.
* **Account Management/Service Delivery:** Responsible for coordinating offboarding planning, client communication, and ensuring contractual obligations are met during offboarding.
* **Billing/Finance:** Responsible for final billing during offboarding.
* **[Designated Authority, e.g., Security/Compliance Team]:** Responsible for ensuring security requirements are met during both processes.
5.0 Compliance
**5.1 Compliance Measurement:** Compliance will be verified through audits of onboarding and offboarding checklists/project plans, review of documentation, verification of credential/tool removal, confirmation of data return/destruction, and client feedback.
**5.2 Exceptions:** Deviations from the standard onboarding/offboarding process require documented justification and approval from designated management (e.g., Service Delivery Manager, Head of Operations).
**5.3 Enforcement:** Failure to follow the defined onboarding and offboarding procedures may result in service delivery issues, security incidents, contractual breaches, and potential disciplinary action.
* Client Data Management Policy
* Client System Access Control Policy
* Password Policy
* Remote Access Tools Policy
* Technology Equipment Disposal and Data Sanitization Policy
* Service Level Agreement (SLA) Framework
* Record Retention Schedule / Policy
* Change Management Policy (for changes during onboarding)
7.0 Definitions
* **Onboarding:** The process of integrating a new client into the MSP's service management systems and processes.
* **Offboarding:** The process of formally terminating the service relationship with a client and removing MSP access and tools.
* **PSA (Professional Services Automation):** Software used by MSPs to manage business operations, including client information, ticketing, billing, and projects.
* **RMM (Remote Monitoring and Management):** Software used by MSPs to remotely monitor and manage client endpoints and infrastructure.
* **ITSM (IT Service Management):** The entirety of activities performed by an organization to design, plan, deliver, operate and control IT services offered to customers.
No Comments