- How is our IT system performing? How do we know? Do we have any tools that track this?
- Are we having any ongoing repetitive issues with employees and or business partners or customers? How do we keep track?
- Are our systems secure internally and externally? How do we maintain security? What standard practices do we follow?
- Do we limit access to sensitive data? Do we track who accesses the data? How?
- Tell me how our backups work. What data is backed up? Who decides? Are all PCs backed up? What is the maximum period during which we can recover a lost or corrupt file?
- If we have an extended outage or lost our office to fire or natural disaster do we have an IT plan to operate? Is it documented? Can I get a copy?
- What areas of IT need improvement? Would you recommend we focus our efforts on technology, staffing, training, new applications, business continuity or somewhere else?
- How do we ensure knowledge about our IT is not one person-dependent? Do we cross train? Are we documenting? Can I get a copy?
- Can third party relationships help boost technical expertise, improve service levels, and reduce costs in the non-strategic areas?
- Is company-sensitive data accessed by personal use devices such as home computers or smart phones? When an employee terminates, how do we recover sensitive data that may reside on personal use devices? Do we have the ability and authority to remotely wipe sensitive data? How is IT notified when an employee leaves the company? Are the procedures documented?