Device Provisioning Checklist for HCI CA Company laptop devices

You can use this as an IT handover SOP.


HCI CA – Device Provisioning Checklist

Version: Feb 23, 2026
Applies To: All Company-Issued Laptops & Desktops


Phase 1 – Pre-Provisioning (Before Power-On)

☐ Record device details:

  • Make / Model

  • Serial Number

  • Asset Tag ID

  • Assigned User

  • Department

  • Date Issued

☐ Confirm device purchased through approved vendor
☐ Verify hardware specs meet minimum standard
☐ Confirm warranty registered


Phase 2 – Operating System Setup

☐ Install or verify latest OS version
☐ Apply all system updates
☐ Set region/time zone (Canada)
☐ Rename device using naming convention (e.g., HCI-CA-USER-01)


Phase 3 – Security Configuration (Mandatory)

Account Setup

☐ Create standard user account (no local admin rights)
☐ Disable guest account
☐ Store admin credentials securely in password manager

Encryption

☐ Enable full disk encryption

  • Windows → BitLocker

  • Mac → FileVault

☐ Store recovery key securely (IT vault)

Antivirus / Endpoint Protection

☐ Install endpoint protection software
☐ Confirm real-time protection enabled

Firewall

☐ Confirm OS firewall enabled

Auto-Lock

☐ Set screen lock timeout (5–10 minutes)
☐ Require password on wake


Phase 4 – Mandatory Application Installation

Install and verify login:

Google Chrome
Mozilla Firefox
Microsoft Office (offline desktop install)
Microsoft Teams (Desktop)
Adobe Acrobat Reader
Asana Desktop App
Zoom Desktop App
WhatsApp Desktop (if required)
Citrix Workspace (if role requires)
TeamViewer (IT configuration only)


Phase 5 – Account & Access Setup

☐ Microsoft login configured
☐ MFA enabled on Microsoft account
☐ Email tested (send/receive)
☐ Teams tested
☐ Asana login verified
☐ Zoom login verified
☐ Citrix access tested (if applicable)
☐ Shared drives access confirmed


Phase 6 – Browser & Security Hardening

☐ Set default browser
☐ Install approved extensions only
☐ Disable password saving in browser
☐ Set homepage to approved company page
☐ Remove unnecessary bloatware


Phase 7 – Optional Apps (If Approved)

Canva Desktop
Adobe Acrobat 2020 (Licensed Users Only)


Phase 8 – Backup & Recovery

☐ Enable OneDrive sync
☐ Confirm auto-backup working
☐ Create restore point
☐ Document recovery procedures


Phase 9 – Final QA

☐ Reboot device
☐ Confirm all apps launch properly
☐ Confirm no pending updates
☐ Confirm device encryption status
☐ Confirm no admin privileges assigned to user


Phase 10 – Handover

☐ User signs Acceptable Use Policy
☐ User confirms MFA enrollment
☐ IT provides basic security briefing:

  • No personal software installs

  • No local file storage (use cloud)

  • Report suspicious emails immediately

☐ Mark device status as “Deployed” in asset tracker


Governance Note (Important for Nonprofit Compliance)

This checklist supports:

  • PCI compliance posture

  • Donor data protection

  • Cyber insurance requirements

  • Board-level cybersecurity governance


Good to consider:

  • A Device Decommissioning Checklist

  • A Lost/Stolen Device Response SOP