--- name: onboarding-builder description: Builds a tailored new-hire IT onboarding checklist covering pre-arrival through 90-day review, with access matrix, equipment list, and training schedule. version: 1.0.0 author: VantagePoint Networks audience: IT Managers, HRIS Administrators, Hiring Managers, Service Desk Leads output_format: Formatted Markdown onboarding pack with phase-by-phase checklist, access matrix, equipment list, training plan, and review cadence. license: MIT --- # Onboarding Builder Turns "we hired someone for role X, they start in 2 weeks" into a complete IT onboarding plan with everything the service desk, HR, line manager, and new hire each need to do, in the right order, with nothing forgotten. ## How to use this skill 1. Download this `SKILL.md` file. 2. Place it in `~/.claude/commands/` (macOS/Linux) or `%USERPROFILE%\.claude\commands\` (Windows). 3. Run `/onboarding-builder` in Claude Code. Provide role, start date, and location. Answer questions about what the role needs. Receive the full pack. ## When to use this - A new hire's start date has been confirmed and you have 5-15 business days to prepare. - You're standardising onboarding across the business and want a consistent template per role family. - You've had complaints that new hires lose 3 days to "waiting for access" and want to fix that. - You're preparing for audit - "prove you have a documented joiner process with segregation of duties". - You're replacing a departing person and need a targeted access transfer plan, not a generic new-hire kit. ## What you'll get - **Pre-arrival checklist** (10+ business days before start): provisioning, equipment, access requests, workspace setup. - **Day 1 checklist**: induction, account handover, security briefing, first successful login. - **Week 1 checklist**: tool training, team introductions, first real task, manager check-in. - **30/60/90-day review structure**: expectations, check-ins, probation gates. - **Access matrix**: exactly which systems this role needs, at what privilege level, granted when, reviewed by whom. - **Equipment list** with budgets and asset tagging plan. - **Training & compliance schedule** with due dates (statutory, sector, role-specific). - **Offboarding preview** - the reverse checklist pre-populated, so you're not starting from scratch if the relationship ends early. - **Owner matrix** - who does what (IT, HR, line manager, buddy, new hire). ## Clarifying questions I will ask you 1. **What is the role title and level?** (Junior / Mid / Senior / Manager / Director / C-level) 2. **Start date?** (YYYY-MM-DD, and is it a hard date or indicative?) 3. **Location / working pattern?** (Office, remote, hybrid, specific site, international) 4. **Reports to?** (Line manager name/title - dictates approver for role-based access.) 5. **What does this role actually do day-to-day?** (Short description - drives access needs more than the title.) 6. **Is this a replacement hire or a net-new role?** (Replacement = mirror predecessor's access minus risk items; net-new = derive from role.) 7. **Sensitive data access required?** (HR / finance / customer PII / engineering IP / regulated data) 8. **What systems must they access in the first week?** (Email, comms, role-specific tools - the "productive on day 1" list.) 9. **Employee or contractor?** (Affects badge type, asset ownership, data access, statutory training.) 10. **What's the equipment standard for this role?** (Laptop spec, monitor, headset, mobile, dock, keyboard/mouse, any specialist kit.) 11. **Any physical access needs?** (Building, server room, restricted floor, specific sites.) 12. **Compliance / training obligations?** (GDPR awareness, health & safety, sector-specific - financial regs, clinical, etc.) 13. **Do you have a buddy programme?** (If yes, who?) ## Output template ```markdown # New Hire Onboarding Pack: - **Start date:** YYYY-MM-DD () **Role:** **Reports to:** <manager name / role> **Location:** <office / remote / hybrid> **Employment type:** Employee / Contractor / Intern **Buddy:** <name> **Onboarding coordinator:** <name> ## 1. Owner Matrix | Function | Owner | Backup | |---|---|---| | Account provisioning (identity, email) | IT Service Desk | | | Equipment order & imaging | IT Asset Team | | | Role-based access approvals | Line manager | Head of <function> | | Physical access (badge, keys) | Facilities | | | Workspace setup (desk, phone) | Facilities | | | Statutory training assignment | HR | | | Role-specific training | Line manager | Buddy | | Probation review | Line manager + HR | | ## 2. Pre-Arrival Checklist (T-10 to T-1 business days) ### T-10 business days - [ ] **HR:** Confirm signed offer and start date. Share with IT + Facilities via HRIS event. - [ ] **Line manager:** Confirm role description, equipment spec, access list. Approve provisioning request. - [ ] **Line manager:** Assign a buddy (not a direct report, not a peer in probation). - [ ] **Line manager:** Draft Day 1 + Week 1 schedule (see section 5). ### T-7 business days - [ ] **IT:** Create user account in identity platform (<e.g. Entra ID>). Username scheme: `<convention>`. - [ ] **IT:** Create email mailbox. Set out-of-office for pre-start day if configured. - [ ] **IT:** Submit equipment order (see section 8). - [ ] **IT:** Assign MFA method plan (hardware token / authenticator app / SMS fallback policy). - [ ] **Facilities:** Reserve desk / locker if office-based. Order badge. ### T-5 business days - [ ] **IT:** Image laptop, install standard build + role-specific software (see section 8 for list). - [ ] **IT:** Enrol device in MDM. Apply role-based profile. - [ ] **IT:** Stage credentials pack (see Day 1 handover). - [ ] **HR:** Send "welcome" email to new hire with Day 1 logistics, dress code, parking, contact. ### T-3 business days - [ ] **HR:** Assign statutory training in the LMS (scheduled to open on Day 1): see section 9. - [ ] **Line manager:** Notify team of arrival - name, role, start date, background, how to welcome. - [ ] **IT:** Configure group memberships in identity platform per access matrix (section 6). Do not assign yet - assign on Day 1 to keep audit trail tight. ### T-1 business day - [ ] **IT:** Final check - device on, updates applied, screen saver unlocked. - [ ] **Facilities:** Desk prepped - monitor, dock, welcome card. - [ ] **Buddy:** Email or message the new hire with a welcome note. ## 3. Day 1 Checklist ### First 30 minutes - [ ] **Line manager or buddy:** Meet at reception / online call. Office tour / remote welcome. - [ ] **HR:** Induction (policies, handbook, emergency procedures). Right-to-work + ID check completed. - [ ] **Facilities:** Badge issued. Keys and locker assigned if applicable. ### First 2 hours - [ ] **IT:** Credentials handover - secure process (verbal + documented ticket). First password change enforced. - [ ] **IT:** MFA enrolment supervised. - [ ] **IT:** Device unboxing / self-enrolment completed. Success criteria: logged in, email open, can join a Teams/Meet call. - [ ] **HR:** Security briefing (acceptable use, phishing, password policy, clear-desk, BYOD if applicable). ### Day 1 morning - Technical - [ ] Email works. - [ ] Calendar works. - [ ] Comms platform (Teams / Slack / Meet) works. - [ ] VPN / ZTNA works from intended location. - [ ] Team drive / SharePoint / shared mailbox accessible. - [ ] Can print (if office-based). ### Day 1 afternoon - People - [ ] 1:1 with line manager (30-60 min). - [ ] Buddy coffee / remote equivalent. - [ ] Introductions to immediate team. - [ ] Role scope and first-week expectations confirmed. ### End of Day 1 - [ ] New hire signs provisioned-access acknowledgement (audit artefact). - [ ] Service desk ticket closed with completion evidence. - [ ] Line manager sends end-of-day check-in. ## 4. Week 1 Checklist ### Day 2-3 - [ ] Complete statutory training: GDPR / data protection, information security, health & safety. - [ ] Core tool walkthrough with buddy (team wiki, project tracker, code repo, ticketing, etc.). - [ ] Shadow a real meeting or customer call (observer only). ### Day 4-5 - [ ] First real task - small, achievable, visible to the team. - [ ] Line manager check-in (15 min). - [ ] Buddy check-in (15 min - "anything unclear?"). - [ ] Feedback collected from new hire: "what's the single biggest thing that slowed you down this week?" ## 5. 30 / 60 / 90-day Plan ### By Day 30 - Completed all statutory training (evidenced in LMS). - Completed role-specific training: <list>. - Delivered: <specific early deliverables>. - Meets with line manager weekly. - Review: 30-minute structured probation check-in. Status: On track / Needs support / At risk. ### By Day 60 - Owns at least one workstream or ticket queue independently. - Has attended: <recurring ceremonies, customer calls, etc.>. - Has built working relationships with: <key stakeholders>. - Review: 60-minute mid-probation check-in. Status: On track / Needs support / At risk. ### By Day 90 - Delivered against the 90-day expectations documented on day 1. - Probation review formal: HR + line manager + new hire. - Outcome: Confirmed / Extended / Not passed (with reasons and treatment). ## 6. Access Matrix Principle: **least privilege, justified by role**. Elevated access requires a second approver and is time-bounded. | System | Access level | Justification | Granted by | Granted on | Review due | Expires | |---|---|---|---|---|---|---| | Email | Standard user | Role baseline | IT | Day 0 | Annually | n/a | | SSO / identity | Standard user | Role baseline | IT | Day 0 | Annually | n/a | | VPN / ZTNA | Standard profile | Remote access | IT | Day 0 | Annually | n/a | | <comms platform> | Standard user | Role baseline | IT | Day 0 | Annually | n/a | | <team drive> | Team group | Collaboration | Line manager | Day 1 | Annually | n/a | | <ticketing> | Agent / Requester | Role-specific | Line manager | Day 1 | Annually | n/a | | <role-specific system> | Specified level | <reason> | <approver> | Day N | <cadence> | <date> | | <sensitive system> | Specified level | <reason> | <approver + 2nd> | Day N | Quarterly | <date> | **Break-glass / privileged:** Not granted at onboarding. Requires separate request + approval + CAB visibility. ## 7. Physical Access | Area | Access | Granted by | Review | |---|---|---|---| | Main office | Standard badge | Facilities | Annually | | <floor / zone> | Standard badge + profile | Facilities + area owner | Annually | | Server room | **NOT granted** - requires explicit request | Head of IT | Quarterly | | <restricted area> | <as applicable> | <owner> | <cadence> | ## 8. Equipment ### Standard kit for this role | Item | Model / spec | Cost (ref) | Asset tag | |---|---|---|---| | Laptop | <model, RAM, storage> | <> | <issue on onboarding> | | Docking station | <model> | <> | | | Monitor(s) | <spec and count> | <> | | | Keyboard + mouse | <spec> | <> | | | Headset | <spec> | <> | | | Mobile phone (if applicable) | <model> | <> | | | Phone plan | <plan, data allowance> | <> | | ### Software (imaged onto device) - OS: <version, fully patched> - Productivity suite - Comms platform - Browser(s): Chrome, Edge, Firefox (as policy) - Security: EDR, DLP, MDM agent, VPN client - Role-specific: <list> ### Home office kit (if remote) - Broadband reimbursement policy: <as per company policy> - Chair / desk provision: <as per company policy> ## 9. Training & Compliance ### Statutory / mandatory (assigned Day 1, due within 14 days) | Course | Due | Evidence | |---|---|---| | Data protection / GDPR | T+14 | LMS completion cert | | Information security awareness | T+14 | LMS completion cert | | Health & safety | T+14 | LMS completion cert | | Acceptable use policy acknowledgement | Day 1 | Signed | | <sector-specific, if applicable> | T+<> | <> | ### Role-specific (assigned Day 1-5, due within 30 days) | Course | Due | Evidence | |---|---|---| | <system walkthrough> | T+14 | Buddy sign-off | | <tool certification, if applicable> | T+30 | Vendor cert | ### Ongoing | Course | Frequency | |---|---| | Security refresher | Annually | | <sector-specific refresher> | <cadence> | ## 10. Offboarding Preview Pre-populated so there is no "blank page" problem if separation happens. - Return asset tag(s): <from section 8>. - Revoke access: every row in section 6, with audit log per row. - Disable and then archive identity account (per retention policy). - Email forwarding configured to line manager for <N> days. - Exit interview booked with HR. - Final pay and expense reconciliation with Finance. - Physical badge / keys returned. - Knowledge transfer session(s) with successor or team. ``` ## Example invocation **User:** "/onboarding-builder - we've hired a Senior Network Engineer starting 2026-05-06, hybrid 3 days in London HQ, reports to Head of Infrastructure, replacing someone who left last month. Needs access to all firewalls, switches, the monitoring stack, and the change management system. Also needs server room access." **What the skill will do:** 1. Ask about exact software set (specific firewall/switch admin tools), whether to mirror predecessor access (with risk review) or build fresh, buddy assignment, and kit spec (likely a higher-spec laptop + extra monitor for a senior engineer). 2. Produce the full pack with dates calculated back from 2026-05-06 (T-10 = 2026-04-22, etc.). 3. Flag server room access as a privileged item requiring a separate request post-probation, not Day 1. 4. Include a predecessor access-transfer step in the access matrix with explicit review ("confirm these are still appropriate for the new hire, not just inherited"). 5. Build a 30/60/90 with specific senior-level deliverables (e.g. by Day 30 they've documented one inherited risk, by Day 60 they've led one change, by Day 90 they've led a post-incident review). ## Notes for the requester - **Start early.** 10 business days before start is the minimum for comfortable IT prep. For privileged roles or international hires, start at 20+. - **Don't mirror access blindly on a replacement hire.** Predecessor may have accumulated drift - wrong groups, old project permissions. Use this as a chance to reset to what the role actually needs. - **The first-week frustration score is a KPI.** If a new hire spends Day 3 waiting for VPN to be fixed, your process failed before the hire started. Track and improve. - **Segregation of duties matters.** The person approving access should not also be the person granting it. If your process collapses those two, flag it - auditors will. - **"Good" looks like:** the new hire is productive (can send an email, join a meeting, open a ticket, access the team drive) by end of Day 1. Their first full week has no IT-related blockers. Day 90 review conversation is about the work, not about access that's still missing.