You can use this as an IT handover SOP.
HCI CA – Device Provisioning Checklist
Version: Feb 23, 2026
Applies To: All Company-Issued Laptops & Desktops
Phase 1 – Pre-Provisioning (Before Power-On)
☐ Record device details:
Make / Model
Serial Number
Asset Tag ID
Assigned User
Department
Date Issued
☐ Confirm device purchased through approved vendor
☐ Verify hardware specs meet minimum standard
☐ Confirm warranty registered
Phase 2 – Operating System Setup
☐ Install or verify latest OS version
☐ Apply all system updates
☐ Set region/time zone (Canada)
☐ Rename device using naming convention (e.g., HCI-CA-USER-01)
Phase 3 – Security Configuration (Mandatory)
Account Setup
☐ Create standard user account (no local admin rights)
☐ Disable guest account
☐ Store admin credentials securely in password manager
Encryption
☐ Enable full disk encryption
Windows → BitLocker
Mac → FileVault
☐ Store recovery key securely (IT vault)
Antivirus / Endpoint Protection
☐ Install endpoint protection software
☐ Confirm real-time protection enabled
Firewall
☐ Confirm OS firewall enabled
Auto-Lock
☐ Set screen lock timeout (5–10 minutes)
☐ Require password on wake
Phase 4 – Mandatory Application Installation
Install and verify login:
☐ Google Chrome
☐ Mozilla Firefox
☐ Microsoft Office (offline desktop install)
☐ Microsoft Teams (Desktop)
☐ Adobe Acrobat Reader
☐ Asana Desktop App
☐ Zoom Desktop App
☐ WhatsApp Desktop (if required)
☐ Citrix Workspace (if role requires)
☐ TeamViewer (IT configuration only)
Phase 5 – Account & Access Setup
☐ Microsoft login configured
☐ MFA enabled on Microsoft account
☐ Email tested (send/receive)
☐ Teams tested
☐ Asana login verified
☐ Zoom login verified
☐ Citrix access tested (if applicable)
☐ Shared drives access confirmed
Phase 6 – Browser & Security Hardening
☐ Set default browser
☐ Install approved extensions only
☐ Disable password saving in browser
☐ Set homepage to approved company page
☐ Remove unnecessary bloatware
Phase 7 – Optional Apps (If Approved)
☐ Canva Desktop
☐ Adobe Acrobat 2020 (Licensed Users Only)
Phase 8 – Backup & Recovery
☐ Enable OneDrive sync
☐ Confirm auto-backup working
☐ Create restore point
☐ Document recovery procedures
Phase 9 – Final QA
☐ Reboot device
☐ Confirm all apps launch properly
☐ Confirm no pending updates
☐ Confirm device encryption status
☐ Confirm no admin privileges assigned to user
Phase 10 – Handover
☐ User signs Acceptable Use Policy
☐ User confirms MFA enrollment
☐ IT provides basic security briefing:
No personal software installs
No local file storage (use cloud)
Report suspicious emails immediately
☐ Mark device status as “Deployed” in asset tracker
Governance Note (Important for Nonprofit Compliance)
This checklist supports:
PCI compliance posture
Donor data protection
Cyber insurance requirements
Board-level cybersecurity governance
Good to consider:
A Device Decommissioning Checklist
A Lost/Stolen Device Response SOP