Calculator Inputs
Fill the fields below, then submit to generate a risk score and exportable report.
Formula Used
Each input maps to a weighted point value based on typical offboarding exposure. We sum all factor points and normalize to a 0–100 score.
You can adjust weights to match your environment, such as higher penalties for cloud keys or admin access in regulated teams.
How to Use This Calculator
- Collect offboarding facts: access, devices, keys, and checklist status.
- Complete the form and submit to generate the risk score.
- Review top drivers to understand why the score is high.
- Apply recommended actions and document what was completed.
- Export CSV or PDF for audit trails and security reviews.
Example Data Table
Sample offboarding profiles and typical scores for reference.
| Employee | Privileged | Cloud Keys | Anomaly | Checklist | Sample Score | Level |
|---|---|---|---|---|---|---|
| Samir (Support) | Standard | No | None | 90% | 18 | Low |
| Ayesha (DevOps) | Admin | Unknown | Suspicious | 65% | 62 | High |
| Bilal (Finance) | Standard | No | None | 75% | 34 | Medium |
| Hira (Engineering) | Root / Domain | Yes | Suspicious | 40% | 83 | Critical |
| Usman (Intern) | None | No | None | 80% | 22 | Low |
These are illustrative only; real scores depend on your selected inputs.
Why Quantified Offboarding Decisions Matter
Offboarding risk grows when access outlives employment. A structured score converts scattered facts—privilege level, remote reach, device custody, and key ownership—into one comparable number. Use it to triage departures the same way you triage vulnerabilities: by exposure and likelihood. When the score rises, shorten the window between notification and revocation, add monitoring, and document every control you apply.
How to Read the 0–100 Score
The calculator normalizes weighted points into a 0–100 score and maps it to Low, Medium, High, or Critical. Low indicates routine deprovisioning is usually sufficient. Medium suggests extra hygiene, such as session invalidation and secret rotation. High implies immediate reduction of privileges and a focused review of recent activity. Critical signals urgent suspension, evidence preservation, and incident-response style oversight.
Drivers That Commonly Increase Risk
Risk spikes with administrative roles, unknown cloud keys, and third-party accounts that the leaver “owns” operationally. Missing MFA adds takeover probability, while unreturned endpoints extend data exfiltration risk beyond the last day. Zero-day notice compresses the control window, so the model assigns more points to urgent departures. Confirmed anomalies carry the highest weight because they shift the scenario from prevention to containment.
Actions That Reduce Scores in Practice
Translate high drivers into specific controls: remove admin groups first, then revoke VPN, SSO sessions, API tokens, and SSH keys. Rotate shared secrets and service credentials tied to the person’s work. Validate device return using MDM check-in, disk encryption status, and last-seen timestamps. For cloud keys, inventory access keys, rotate IAM roles, and transfer ownership of repositories, billing, and third-party consoles.
Reporting and Audit-Ready Evidence
Exported CSV and PDF outputs help create a repeatable evidence trail: what the risk was, which drivers raised it, and which actions were taken. Store reports with ticket IDs, approver names, and timestamps so auditors can trace control execution. Over time, compare scores against post-offboarding findings to recalibrate weights, refine checklists, and reduce residual access across identity, endpoint, and cloud layers. Pair the score with an SLA: revoke privileged access within one hour, standard access within a day, and confirm key rotation completion. These benchmarks make the score actionable across IT, security, and teams.
FAQs
1) What does “MaxPoints” represent?
It is the sum of the highest possible points across all factors. The score is TotalPoints divided by MaxPoints, scaled to 0–100 for consistent comparisons.
2) Can we customize the weights for our environment?
Yes. Update the point mappings in the calculator code to reflect your control maturity, regulatory exposure, and role structure. Keep the normalization step so results remain on a 0–100 scale.
3) Should a “Critical” score always mean immediate termination?
No. It signals immediate access reduction and heightened monitoring. HR decisions follow policy; the score is a security prioritization aid, not a disciplinary verdict.
4) Why does missing MFA add risk even after offboarding?
Without MFA, stolen passwords or session artifacts are more likely to be reused during the gap between notice and deprovisioning, especially for remote-access and cloud services.
5) How should we treat “Unknown” cloud keys?
Assume exposure until proven otherwise. Run key inventories, check CI/CD secrets, rotate credentials, and review access logs. “Unknown” should trigger ownership verification and cleanup.
6) What’s the best way to validate device return?
Use a custody record plus technical confirmation: MDM enrollment status, last check-in time, and remote-wipe readiness. If a device is missing, revoke access and start containment procedures.
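The scoring described under "Formula Used", "How to Read the 0–100 Score", and FAQs 1 and 2, as an added example that is not the calculator's own code. The page does not publish its point values or level cut-offs, so every weight, the checklist penalty, the thresholds, and all names below are assumptions chosen only to follow the stated ordering (confirmed anomalies weigh most, unknown cloud keys are treated as exposed).

```python
# Added example. All weights and level cut-offs are assumptions, not the calculator's values.
WEIGHTS = {
    "privilege": {"none": 0, "standard": 5, "admin": 15, "root_domain": 25},
    "cloud_keys": {"no": 0, "yes": 12, "unknown": 15},  # unknown: assume exposure
    "anomaly": {"none": 0, "suspicious": 15, "confirmed": 30},  # highest weight
    "mfa": {"enabled": 0, "missing": 10},
    "device": {"returned": 0, "unreturned": 10},
    "notice": {"planned": 0, "short": 5, "zero_day": 10},
}
CHECKLIST_MAX = 10  # points charged when 0% of the checklist is complete
LEVELS = [(30, "Low"), (55, "Medium"), (80, "High"), (101, "Critical")]


def max_points():
    """MaxPoints: the highest possible points summed across all factors."""
    return sum(max(m.values()) for m in WEIGHTS.values()) + CHECKLIST_MAX


def score(profile):
    """Return the normalized 0-100 score, its level and the top three drivers."""
    points = {}
    for factor, mapping in WEIGHTS.items():
        value = profile.get(factor)
        if value not in mapping:  # reject typos instead of silently scoring 0
            raise ValueError(f"{factor}: unsupported value {value!r}")
        points[factor] = mapping[value]
    pct = profile.get("checklist_pct")
    if not isinstance(pct, (int, float)) or not 0 <= pct <= 100:
        raise ValueError("checklist_pct must be a number from 0 to 100")
    points["checklist"] = CHECKLIST_MAX * (100 - pct) / 100
    total = sum(points.values())
    normalized = round(100 * total / max_points())  # TotalPoints / MaxPoints
    level = next(name for limit, name in LEVELS if normalized < limit)
    # sorted() is stable, so equal-weight drivers keep factor order
    drivers = sorted((f for f, p in points.items() if p > 0),
                     key=lambda f: -points[f])[:3]
    return {"score": normalized, "level": level, "top_drivers": drivers}


# Constructed profile for illustration (not a row from the sample table)
DEPARTING_ADMIN = {
    "privilege": "admin", "cloud_keys": "unknown", "anomaly": "suspicious",
    "mfa": "missing", "device": "returned", "notice": "short",
    "checklist_pct": 65,
}

if __name__ == "__main__":
    print(max_points(), score(DEPARTING_ADMIN))
```

Because `max_points()` is derived from the weight table, changing any weight keeps the result on the 0–100 scale without further edits.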