Customer Data Safety Policies: Customer Data, Operating Systems, Network Device Settings
Introduction
Next to security, avoiding data loss is our most important priority. We do not remove anything - accounts, files, email folders, etc. - ever without a backup unless the customer provides written assurance that they no longer need the data in question.
We do not remove anything - accounts, files, email folders, etc, ever without a backup unless the customer provides written assurance that they no longer need the data in question.
- Before removing anything belonging to a customer, whether an operating system, an Outlook profile, firewall settings, or simply files or folders, either:
1. A backup must be created and verified; or2. An authorization contact must give written permission (via email) for the data to be removed
- Before instructing a customer to delete any email accounts on a mobile device, a backup must be created and verified. Again, we do not remove anything without a backup. Even if you believe all of the data is on a server, you must still either back up the data or instruct the customer to back it up.
- For non-Exchange email accounts: If you are working with a customer on a device that you can't fully access, such as a phone, you must confirm that there is a backup of all data before removing any accounts from the mobile device. You must never tell a customer to remove an account from a phone unless either you have verified the existence of the backup in a separate location or the customer has provided written confirmation (via email) that a backup exists.
You can see a phone (but not control it) via ScreenConnect.
Losing a customer's data or causing a customer's data to be lost may result in immediate termination of employment.
If creating the backup will cause the work to take much longer to complete, you should notify the customer. If the customer does not want us to perform the backup, the customer must confirm in writing (via email in a note sent to the ticket) that we are not responsible for any issues arising from that decision and that any remedial work necessary due to failure to create a backup before removing anything is billable time. You must get a customer authorization contact's acknowledgement in writing before proceeding.
Getting Written Acknowledgement from the Customer
For remote work: The written acknowledgement can be sent via email to the ticket
For onsite work: A note can be added in the Notes section of the OSSR form and customer can initial the note before work proceeds. When applicable, note the serial number of any hard drives to be erased.
Policy on Customers with Documents Redirected to Server or MS 365
Our customers with server or cloud document storage should know that any important files should be stored there, not locally on the computer. However, before wiping any hard drives, you must get permission from a customer authorization contact.
We expect users to store their data on the server. This is why we perform a daily backup of the server but not the individual computers. As long as the primary contact confirms IN WRITING that all data on the workstation is stored on the server, you don't need to back up a workstation hard drive.
Outlook Backups
Before erasing Outlook profiles, the profile should always be backed up to be safe. However, you should also remind an Exchange user in writing that they are responsible for saving all their Exchange data on the server, not locally.
Network Devices
When installing network appliances – firewalls, routers, managed and smart switches, etc. – technicians must make a backup of the old and new device configuration. Please back up the settings and upload the backup file as an attachment to the configuration item in IT Glue.
When Working with External Contractor
Please note that if you are working with a subcontractor or vendor and you instruct the subcontractor or vendor to delete something, you are responsible for instructing the subcontractor to create and verify the backup before erasing anything and for confirming this has been done.
Failure to follow these policies may result in termination of employment.
Related Articles
Checklist for Creating Quote for Data Migration to MS 365 from On-Premises Server
Verify users' operating systems are compatible with M 365 sync apps and Office apps. Verify path and file names are not too long for Microsoft. Check for illegal characters in file names or blank spaces at end of file names (especially if source is ...Mobile Device Management (draft)
Monitor, manage, and secure employees' smartphones and tablets. Ensure compliance with company policies and enforces security measures like password requirements, encryption, and remote wipe capabilities to protect sensitive data. Manage applications ...New Prospect and Client Intake Instructions (New Customer)
This procedure applies to inactive customers in AT as well as to customers that have not opened a ticket or been billed by us in at least one year. They are to be treated as new customers. The only difference is that instead of creating the account ...Computer and Peripheral Sales Policies
We sell computers, servers and network devices. We are an authorized Dell and Asus reseller. We also purchase computers directly from Carbon Systems. We order Dell business* computers through Dell Premier portal. We only sell business-line computers. ...Customer Reports Workflow
Workflow On the first of the month we have scheduled all Datto RMM reports to send with "Scheduled RMM Report: " followed by Autotask/Datto Company Name in subject. Recipient: Info@nygeekgirls.com . A PowerAutomate rule (RMMREPORTFIX1) processes the ...