Skip to main content

Search

Welcome to the Internal Support Portal!

Vendor Offboarding Process

Krista Staples
  • Updated
Vendor-Offboarding-Process.gif


mainicon.png Purpose & Scope

To ensure a secure, compliant, and structured offboarding process for Vendor accounts while protecting sensitive data, preserving business continuity, and minimizing operational risk.

This process applies to all Vendor accounts that are ending their engagement with the company, including associated contacts, partner relationships, campaigns, and data.

Dev ticket script process (Internal Only): PSDEV-1583

This article outlines the INTERNAL process for offboarding. 
We do have a PDF that is Customer-Facing, please reach out to Krista Staples for access, example is attached to the bottom of this article.
 


mainicon.png Offboarding Process


1. Initiation

  • Offboarding begins once a formal termination request or contract end notice is received.

  • Assign an internal point of contact (AM or CSM) to manage the offboarding process and coordinate with the Vendor.

  • AM/CSM will log an internal support ticket (Do not copy the customer) notifying the team of the offboarding. 

  • The Support Team will then log a JIRA ticket to track the back-end process.

  • The Support Team will reply to the internal support ticket with a PDF to send to the Vendor.

 

2. Vendor Communication

  • AM/CSM will provide a clear guide (obtain the PDF from Krista Staples, example attached to this article) to the Vendor detailing:

    • Access restrictions - Access to Vendor and affiliated Partner accounts will be suspended.

    • How to export necessary data - If necessary, we will provide a 7-day window for Vendor and affiliated partners the ability to run necessary reports and exports of data.

    • Responsibilities for partner data and SSO shutdown - Vendor will be solely responsible for the shutting down of SSO.

  • Send confirmation once offboarding is fully complete.


3. Account Deactivation

  • The Vendor account is deactivated in all systems to prevent any further login or activity.

  • SSO deactivation described below prevents any access for all partner accounts as well.

  • Access to all campaigns, analytics, and company resources is immediately restricted as a result of SSO deactivation.


4. Data Handling & Access

  • All Personally Identifiable Information (PII) is masked using a one-way hashing algorithm and once masked is NOT recoverable.

  • This includes:

    • Vendor & Partner Contacts

    • Company Information

    • Partner accounts and associated data

  • Campaigns will be invalidated and cannot be accessed or edited. This includes all In-Progress Campaigns and Links.

  • Backups containing Vendor data will naturally age out over time; no long-term storage remains beyond retention policies.

  • Admin credentials for all users will also be deleted so they cannot log in via Auth0. This combined with SSO deactivation should mean only SW employees can access the account.


5. Data Export

  • Vendors may request their data before the end of offboarding.

  • Vendors are responsible for instructing their own partners to export any relevant data, such as contacts or reporting, before access is revoked.

  • If needed, Vendors can run reports up to one week after contract end and can request a delay in deactivation. Internal teams will provide limited support for this timeframe.

  • Vendors can also export their own contacts, which at the minimum includes list of all partners.

  • Reports cannot be run post deactivation.


6. SSO and Integration Shutdown

  • Vendors are responsible for shutting down any Single Sign-On (SSO) integrations or other system connections on their side.

  • Internal IT teams will ensure that deactivated accounts cannot authenticate or connect via external integrations.


7. Timeline

  • The offboarding process is completed within 90 days from initiation/contract end date.

  • Key milestones within the 90-day window:

    1. Day 0–7: Initial communication with Vendor & Partner SSO Shutdown begins. Note that Day 0 is the last day of the contract.  Offboarding begins after contract ends.

    2. Day 8–30: Vendor & SSO / Integration Shutdown
      (Dev must delete the connection strings from the DB which will result in all SSO requests failing) Data masking and campaign invalidation

    3. Day 31–90: Backups age out, final confirmation of account and data closure


8. Compliance & Security

  • Ensure all actions comply with internal security policies and relevant data privacy regulations (e.g., GDPR).

  • Structured will keep audit records of all off-boarding actions.

Powered by Zendesk