The time to onboard a new client is dramatically impacted by the amount of documentation they have about their IT environment. After data backup, network documentation is the most important item to put a client back in good working order after a failure of critical infrastructure like a server or firewall.
I spent some time with a new client the other day reviewing our onboarding process and asked them what documentation they had and what their previous vendor should have. I was surprised by the lack of information they had in their possession and even further surprised when they told me they had already requested documentation and received – two passwords.
Below is a basic framework for network documentation. Asking these questions of your IT vendor or IT staff will get you closer to being aligned with IT best practices.
- What is documented?
- User names and passwords for firewalls, routers, switches, wireless access points, servers, printers, time clocks or any IP device on the network that must be programmed and configured.
- Website addresses, account numbers, passwords, PINs, security question answers for all third-party vendors including Internet service providers, Website Registrar, Website hosting, application providers and Microsoft volume licensing.
- User names and passwords for Data backup platforms including a decryption password
- Vendor contacts including websites, names and phone numbers
- “How to” regarding setting up computers, users, applications and email.
- How is it documented?
- Documentation can easily be kept in Microsoft Excel, Word or Access as well as proprietary applications and tools. For most small businesses these solutions should suffice if they are password protected.
- Ways we have seen that don’t work – handwritten sticky notes, your IT guy’s head
- Where is our documentation kept?
- Preferably locally at the office so it is easily accessible and a second copy off premise for safekeeping, kind of like data backup. A copy or a person is a single point of failure waiting to happen.
- When do you document?
- Rarely is your IT environment steady state. There is a life-cycle of new equipment, applications, password changes, vendor changes, staff changes.
- As it changes would be best but a regular process on a quarterly or bi-annual time-frame of auditing the contents of the documentation will allow for items to be addressed in a timely manner before the emergency when they are needed.
- Why am I asking about documentation?
- Without documentation the amount of effort to fix an item could negatively impact your business up to and including having to reprogram or reinstall an item in its entirety. That time could be measured in days, not hours.
- Certain industries need documentation to meet business continuity planning as part of a compliance requirement.
Scott Cooper is the President of Tower 23 IT, an IT outsource solution for small to medium businesses specializing in protecting client health and financial data to meet privacy, compliance and security requirements in the healthcare, legal, financial, real estate and insurance industries. Scott can be reached at scottc@Tower23IT.com or 858.877.6219.
