Starting an IT department from scratch may not seem like a common occurrence these days. But it happens. You may find yourself hired as an IT engineer for a small company that has no formal IT department in place, leaving it up to you to create one. Or, you may join a company that previously used a third-party IT provider or MSP, but has now decided to migrate to an internal IT strategy.
Whatever your reason for setting up a new IT department, there are a number of steps to getting IT operations up and running smoothly. This article walks through the main processes and considerations you should cover while you are starting an IT department from scratch.
Contact the Previous IT Provider
Your first step should be contacting the previous IT provider to glean as much information as you can about how that company managed your organization’s IT needs.
Expect that information to be limited. In most cases, the previous IT provider will not be willing to spend a large amount of time walking you through its operations. You’ll need to collect a lot of the necessary information yourself in order to replace the previous provider’s IT systems and processes.
At a minimum, however, you should be able to get the previous provider’s SLAs. You should also ask for access credentials to relevant systems. The previous IT provider should be able to hand over this information quickly and with minimal effort.
Perform an IT Inventory and Network Review
Unless you’re fortunate enough to get a complete inventory of IT assets and network mapping from the previous IT provider (which is unlikely), you’ll need to collect this information yourself.
Start by using a network scanner, like Nmap or a commercial network mapping tool, to identify all the devices on your network. Keep in mind that some devices may be connected intermittently, so you’ll need to run scanning software for an extended period to identify all of them.
Once you have a list of devices, compile an inventory using an IT asset management tool. For every device in your inventory, you should identify:
- Contract status: Which service contracts, if any, govern the device? If there is an external provider for the contract (such as an ISP or hardware vendor), note the provider’s contact information.
- Patching status: Are the device firmware and software up-to-date?
- Warranty status: Is there a warranty for the device? If so, when does it expire?
- Replacement plans: When is the device’s expected end of life? Is there a plan in place for replacing it?
With this information, you can identify devices that need to be replaced or require preventative maintenance. You can then make a list of actions to take, prioritizing those that require urgent action.
Further reading Network Documentation Best Practices
Assess Facilities Needs
Beyond inventorying devices, you should also take stock of the overall state of your IT facilities. Items to review include:
- Physical security: Is physical access to IT resources, such as server rooms and wireless routers, properly secured?
- Network bandwidth: Does the network provide adequate bandwidth? Are there any issues with latency or reliability? Do you have a network backup plan in place in case your primary network fails?
- Energy supply: Does your facility have an adequate electricity supply? Are critical systems protected by UPS units? Is there a history of power disruptions?
- HVAC needs: Does your HVAC system function properly in order to keep servers and other sensitive equipment cool?
- Conference rooms: If your organization has conference rooms, do they contain the IT equipment they need? Is the equipment working properly?
Here again, taking stock of this information will allow you to build a plan for upgrades and replacements that prioritizes the most urgently needed items.
After assessing the state of devices and facilities, you can assess your software management needs. Evaluate:
- Monitoring software: Make sure you have a system in place for monitoring the availability and performance of devices and software, such as Nagios or a commercial monitoring tool.
- Critical business software: Identify the software systems that the business depends on, such as office applications, payroll software, and so on. Make sure that software is up-to-date and that you are prepared to support it. Pay especially close attention to specialized applications that were developed exclusively for the business. Ensure that you can obtain adequate support for these apps from an external vendor or (if you can’t) allocate the resources you need to manage them effectively in-house.
- Remote support: If your users require remote access and support, as most do in modern IT environments, ensure the proper software, such as VPN and RDP servers and clients, is in place.
- Videoconferencing: Make sure, as well, that your users have the videoconferencing software they need, and that it is properly licensed and supported.
Further reading MSP Software Stack Overview
Deploy a Ticketing System
The previous IT provider may already have a ticketing system in place where users can issue support requests and you can manage them. If so, and the system works well, continuing to use the same one will simplify matters for users.
If there is no ticketing system in place, deploy one. There is a variety of open source and commercial ticketing systems to choose from.
Be sure your end-users know how to use the ticketing system, and that it is accessible to them via whichever channels (email, phone calls, in-person visits, and so on) they find most effective.
Check whether the company has a backup routine in place. If so, identify where backup data is stored, how frequently backups are created, how much backup data there is, and which types of media (cloud storage, tape drives, hard disks, and so on) are used to host it.
Determine whether the current backup operations satisfy the 3-2-1 backup rule and, if not, update them so they meet this requirement. You should also evaluate the organization’s RTO and RPO needs and adjust the backup strategy accordingly.
Remember, too, that creating backups is only half the battle. It’s also critical to have a disaster recovery plan in place so that you can restore systems quickly from a backup if something goes wrong.
Create or Update Documentation
Ideally, the previous IT provider will have created documentation for IT systems and procedures and made that documentation available to you. If not, or if the existing documentation is incomplete, you’ll need to create documentation of your own.
Documentation needs vary from business to business, but general documentation guidelines to follow include keeping it readable and accessible.
In addition, although you may not have the resources to create detailed documentation for every system and process in your new IT department, you should document critical support procedures, security information, password and access-control policies, and contact information for external vendors.
Assess the security status of IT assets and processes, and take steps to address security shortcomings. In particular, evaluate the following:
- Access control: Ensure that regular users don’t have admin privileges or access to systems that they don’t need to access. Follow the principle of least privilege.
- Directory service: If there is already a directory service, like Active Directory, in place, make sure it is configured according to security best practices by, for example, requiring users to update their passwords periodically. If there is no such service, implementing one will help streamline identity management across your organization and reduce some security risks by allowing you to manage access credentials in a centralized way.
- Security incident history: By searching through logs and documentation or via a conversation with the previous IT provider, learn which types of security incidents have occurred in the past. This will give you a sense of which risks are most pressing.
- Review networking configurations: Check DHCP and DNS settings. Make sure endpoints with static or manually configured IP addresses have a good reason to be configured that way. Verify whether the necessary restrictions are in place for allowing new devices to join the network (in most cases, you should require new devices to be registered before they can connect). Document this information to ensure ongoing visibility into settings that help control access to the network.
- Plan security training: To the extent feasible, plan a training program for end-users to help guide them in following security best practices. Focus on the risks that are most significant for your organization, or that are the most prevalent in general for modern companies. For example, training employees to resist phishing attacks is a wise practice today, when phishing is on the rise.
Communicate with End Users
Make sure your end-users (who include not just employees but also any external contractors or partners you need to support) know that you are setting up a new IT department. Send them a welcome email with instructions on how they can reach you and any relevant information regarding changes to systems they use.
Keep this information concise -- end users don’t need to know every detail of a new ticketing system you’ve launched or changes to the backup routine, for example -- but be sure that users can understand how any updates you’ve made will impact their workflows.
A few other points to consider as you’re setting up a new IT department include:
- Admin availability: What will the availability of your IT support staff be? Will you handle requests only during the workday, or on a 24/7 schedule? Will availability vary for different systems or types of support requests?
- Future events: Keep abreast of future plans and organize your IT strategy accordingly. Does the company plan to expand significantly in the foreseeable future? Will it move to a new location or add locations? Will there be a massive number of new hires?
- Your place within the organization: Depending on the type and size of your company, you may be the only type of IT organization within it, or you could be an IT unit within a much larger company.
For example, perhaps you manage IT operations for just one division of a larger company that has other IT departments for its other divisions. Or maybe you manage IT for just one region of the company’s operations. Whatever the arrangement, understand how your new IT department fits within the broader organization of which it is a part. If there are other IT units or managers within the company, learn how to interface with them.
Starting an IT department from scratch is a complex and lengthy process. We’ve touched above on only the essentials; you shouldn’t think of the preceding steps as a comprehensive list of everything you need to do. Nor should you expect to complete this process in a matter of weeks or months. Expect it to take years to build out a fully functioning IT department when you are starting from scratch.
Nonetheless, the guidance above is a useful starting point for determining which general areas and considerations you’ll need to address as you begin the task of setting up a new IT department.