To keep company systems secure, cost-effective, and well-integrated, please follow these guidelines before adding any new IT or SaaS service. This helps avoid shadow IT, duplicated tools, and potential security risks while maintaining a birds eye view of the company’s digital ecosystem.
1. Check with IT first
Before signing up for or provisioning any new service, contact IT. This ensures the service:
Fits with existing systems
Avoids unnecessary duplication
Meets security and compliance standards
2. Confirm how it will be paid
Determine whether the service will be covered by IT budget, invoicing, client billing, or individual payment before setup. IT can help ensure accounts, billing, and invoicing are correctly configured.
3. Use company sign-in where possible
Use "Sign in with Google" or "Sign in with Microsoft" options where available, depending on which platform your company email uses.
This reduces passwords, keeps access aligned with company identity, and simplifies off-boarding.
4. Use app-based MFA if a password is required
Microsoft Authenticator or Google Authenticator is recommended, depending on which platform your company email uses.
SMS text message MFA (multi-factor authentication) is not supported for new services — it’s less secure and being phased out.
5. Avoid password sharing
Each user must have their own individually named account. Shared passwords are not allowed.
6. Company phone numbers are not provided for MFA
App-based authentication is the supported method.
7. Share administrator details
Even if IT won’t manage a service directly, we need visibility. When a service is approved, provide the administrator email address so IT knows who to contact for support, security, or access questions. This helps maintain a bird’s eye view of the company’s IT/SaaS ecosystem and avoid surprises.
8. Unsure? Ask IT first
If you’re not sure whether a service fits the guidelines or who will manage it, check with IT before proceeding. Clarifying early prevents duplication, security gaps, and unnecessary costs.
9. Exceptions
If a service cannot meet these standards, provide the service name and limitation to IT before proceeding. We’ll review the safest and most cost-effective approach.