How to use this worksheet
Use this checklist when onboarding staff, offboarding workers, reviewing cloud folders, or preparing to answer access-control questions. Keep answers factual. If a question affects a contract, legal duty, official program submission, or customer representation, verify it before relying on it.
1Named accounts
- Each regular user has a named account
- Shared accounts are identified and reviewed
- Administrator accounts are limited to people who need them
- Customer portal accounts are tied to current users
2Access approval
- New access requests are approved by the owner or responsible manager
- Project access is limited to the relevant team
- Subcontractor access has an end date or review date
- Temporary access is removed when the work ends
3Departure review
- Email, cloud storage, customer portals, remote access, and devices are reviewed when someone leaves
- Passwords and recovery options are not tied to departed employees
- Forwarding rules and shared links are checked
4Periodic review
- Permissions are reviewed at least periodically
- Public or open sharing links are checked
- Sensitive folders have an owner
- Exceptions are documented
Suggested output
After completing this worksheet, create a dated internal note listing open questions, documents to verify, people to involve, and decisions that should not be made without qualified review.
Official sources to verify
Use these official sources for current requirements. This page is educational and may not reflect every contract-specific detail.