We have all been there. A service (like internet, phone, and software as a service subscriptions like QuickBooks online) is disrupted or just stops – seemingly out of the blue. You pick up the phone and call the vendor to find out why they have caused this service disruption. You explain the situation and sit back, sometimes not so patiently, and await their response for what is most certainly their mistake. Then it happens, they explain that you (meaning someone at the company) were notified. You ask who and it turns out the communication about the upcoming service outage was sent to person “X”. Turns out person “X” hasn’t been employed at your company for 3 months and you stopped e-mail forwarding. Even more common is that person “X” is still there but failed to notify management or pass along the information. This happens all of the time but does not need to.

Stop the chaos

It’s pretty straightforward. Get a policy and corresponding procedures in place for managing your IT vendor notifications. That policy should include a shared mailbox that the vendor needs to use when communicating anything about the contract, services, and maintenance notices etc. By using a shared mailbox, you now ensure that all necessary stakeholders are notified of impending changes and service interruptions etc. A shared mailbox is preferred over a distribution list since with a shared mailbox all of the historical emails are retained in a centralized mailbox (instead of in individual mailboxes like a distribution list) and users are also automatically removed from the shared mailbox when they leave an organization, and their account is deprovisioned.

What if you only want a small number of key people to know the details about a contract, but all department heads should know about a scheduled maintenance period which will impact services. What about your IT team? Whether they are internal or external, they need to be included in all matters that tie to the operations of your technology infrastructure. Shared mailboxes, which speak to all of these types of scenarios, need to be created and managed as a part of your IT policies and procedures. And when you sign a new contract with an IT-related vendor, this same policy needs to be enforced and procedures followed.

Enforce a procurement policy

A highly supportive effort is the development of a procurement policy. I have seen plenty of scenarios where the wrong people in an organization are procuring technology related things. They purchase domains or website hosting which causes higher total cost of ownership and lowered supportability. Only the IT people who follow the procurement policy regarding listing proper contacts for resources should be procuring things like internet connections, telephone services, web hosting, domain/DNS hosting, etc.

I have seen circumstances where no one in the entire channel of support of a service is notified in any way by the external vendor because a general business manager or assistant to the CFO was allowed to procure services. It is understandable that the CFO would like to have control over procurement and contracts. But when they act in isolation and fill out the service contract requests themselves, they inevitably fill them out incorrectly. Why? Because the CFO has never had to support the service they are procuring. They think it is ok to list themselves as the only point of contact with the vendor. But the inevitable outcome of that is that no one with any IT responsibility is listed as a contact on that vendor account. The vendor sends communications about changes, maintenance periods, or outages and the IT people never receive those communications. Furthermore, from a business continuity and shared support model perspective, no critical service should ever be registered to an individual’s email address.

How QPC Security can help

The challenge can be that if you don’t know the totality of services that can be impacted by one change, any policy and procedure you create for this is not effective. Example, maybe you receive a notice that power will be out in your building for a few hours on the weekend. What you do not realize is that certain devices on your network need to be powered down and powered back on in a very specific order to restore full functionality. This is where a company like QPC Security provides the most value with our vCIO services. We have 25+ years of experience and have obtained the vast knowledge to know how all your technology related services are interconnected and exactly where things can and do go haywire when the right IT procurement and management related policies and procedures are not developed and implemented. When new services are procured, we ensure proper business continuity by setting up notifications to be sent to shared mailboxes and we monitor those mailboxes.

Keep in mind that it is very common for vendors to set the main point of contact as the person that signed up for the services and that person’s individual email address is then set on the record as the primary email for all communications. What happens when renewal reminders are sent to an individual’s mailbox which is then inadvertently overlooked or just plain ignored? When your product or service stops working, it creates chaos and everyone at your company pays the price in loss of productivity.

We can help prevent the chaos today, tomorrow and in the future. For more information on our vCIO services, contact us today at 262-553-6510 or by visiting qpcsecurity.com.