Managed IT · Pinellas County

Managed IT checklist for small teams.

Cover the essentials that keep your site, email, and data online and secure.

Baseline tasks (check who’s watching).

  • DNS, SSL, and domain renewals: who owns them, and are expirations monitored with alerts?
  • OS/app patching: is there a staging step, and do you know the last successful patch window?
  • Backups: when were restores last tested, and how long did they take?
  • Monitoring: who responds after hours, and what’s the on-call escalation path?
People & access (the soft underbelly)
  • MFA on all admin accounts, not just “most”—audit it.
  • Least privilege enforced, with quarterly access reviews and removals.
  • Password manager + SSO where possible; no shared inbox logins.
  • Vendors time-boxed and logged; who can revoke access in minutes?
Get managed IT help

Risk signals hiding in plain sight.

If any of these feel fuzzy, your current support likely isn’t covering the basics.

  • SSLs expiring unexpectedly, or “temporary” certs that never got fixed.
  • Backups “green” but no proof of restore time or integrity.
  • Unknown who owns DNS or registrar logins; no 2FA on the registrar.
  • Monitoring alerts routed to a shared inbox with no on-call rotation.
Accountability Verify it
  • Document owners for DNS, SSL, backups, monitoring, and access.
  • Time-box responses: who jumps in at 10pm on a Friday?
  • Require proof: last patch date, last restore test, last access review.
  • Escalation map with names, not just a helpdesk email.
Audit my IT coverage

Compliance, logs, and incident muscle memory.

Strong teams practice. Contracts without drills won’t help when things break.

  • Logging and retention: who can pull access logs or admin changes on demand?
  • Incident runbooks: who declares an incident, who communicates, and how do you roll back?
  • Vendor dependencies: do you know which providers to call for DNS, hosting, email, and auth?
  • Quarterly drills: simulate outages, DNS hijacks, or expired SSLs to find gaps.
Test it Prove readiness
  • Tabletop exercises with the real team that responds—not just managers.
  • Measure time to detect, time to respond, and time to restore.
  • Keep alternate contacts for vendors; avoid single points of failure.
  • Review logs and access after every incident; remove lingering vendor accounts.
Run a readiness drill