Dig Your Audit Well Before You’re Thirsty

Written by Carl E. Reid on September 16, 2008

“To expect the unexpected shows a thoroughly modern intellect.” -Oscar Wilde

The email and network systems we manage are all humming along. Email is routing uninterrupted along the Internet highway. People are communicating seamlessly, with threaded email conversations going back and forth. Helpdesk requests are down. Isn’t life grand?

As you’re casually looking around the system with your monitoring tools, your IT manager bursts into your office. He nervously hands you a 25 page document and announces, “Senior management wants us to perform an IT audit. Six pages cover our email infrastructure. I need you to complete that section by tomorrow.” What? You’re not prepared? Were people supposed to give you advance notice? These days email administrators can expect this type of scenario to happen more and more often.

Now is the time to get your email procedures and documentation in order. Proactively dig your audit well before you, your team and your IT manager get ambushed. When this happens, everyone looks bad if you are not prepared.

This documentation task may seem overwhelming. For now, just create a high level framework. Break the email operations document into two main areas and frame each area as a set of questions. As you answer them, the documentation will start to develop on its own. Then review the document with your manager and other team members. The lists below are not meant to be comprehensive; they are suggestions to jump start this extremely necessary documentation.

End User Email Procedures

  • What is the process for registering new accounts?
  • Have email users been given documentation for keeping their email account secure?
  • Who initiates new email account requests?
  • Are there standards for creating email addresses and passwords?
  • What is the account deactivation process for exiting employees?
  • Is there a separate account administration department that creates all corporate wide accounts for all technology systems? If so, what is their process?
  • Where are passwords kept, and are they stored in hashed form rather than in plain text?
  • What is the process for a password reset?
  • Under what circumstances is an email user locked out of their account?
  • What is the process for unlocking an account?
  • Can anyone other than the account owner (for example a delegate or an administrator) access that email account? If so, how is that access granted and logged?
  • Are general purpose department email accounts accessed by multiple people? Is a single login ID and password used by everyone? Or is a unique ID and password required for each person to access the general email account?

Email System Procedures

  • Is there a weekly server maintenance window?
  • Are server security updates given priority over other types of updates?
  • What are the archiving or back up procedures?
  • What are restoration procedures?
  • What is the service level time frame from restoration request initiation to notification of email user that a restore is complete?
  • Does responsibility of archiving and back ups lie with a single resource or multiple entities?
  • What are the logging procedures for system maintenance?
  • What tools are in place to prevent unauthorized outside server access? How do they work?
  • What are the email helpdesk support procedures?

Once this documentation is complete, unexpected IT audit requests will be a no brainer. Just copy and paste the appropriate procedure into the specific IT audit document section. Now you can confidently respond to your manager’s impromptu request with “no problem.” Instead of answering the email administration related IT audit questions by tomorrow, you can do it by close of business today. You make your manager look good and he thinks you’re a super star. Who’s seriously being considered for a raise the next time that conversation comes up?
