Okay, in Part I we covered the concepts behind email, now it’s time for the…
Create an account for the organisation
This ensures that all the data that belongs to your organisation is under your control.
With the majority of communication taking place via email, the temptation will be to use the email addresses that the individuals involved already have.
Don’t do it!
It may be easier now, but when the role is handed over to someone else the data will almost certainly be lost. In addition, if the data is attached to an individual’s private account it legally belongs to them, not the organisation.
And if the relationship between the organisation and individual in question breaks down, you may as well kiss your data goodbye. Getting it back will almost certainly be very painful, and take more time, money, and lawyers than you have access to.
Services such as Google allow small organisations and charities to do this for free, (Google for Non-Profits) so make use of them. We do not advocate for Google, and other services exist. The choice of which suits you best will be dependent on your organisation & circumstances, but theirs is a good offering.
One reason for this is because they have a suite of integrated services included with the email, notably Google Drive, which lets you store all your data in an easier to use format than just having it in emails. This is something you should consider, and that I will be detailing in a later post.
Whether you use Google or not, sticking to a big-name provider reduces the risk of your service being lost without notice.
- The administrator user name and password for the account should be available only to recognised office holders. An admin account lets you make whatever changes you want, so if someone who doesn’t know what they’re doing uses it they could do a lot of damage.
- User names and passwords should be stored in such a way that they can be accessed by other office holders should the nominated person suddenly become unavailable. Shared cloud based password systems are useful for this and other reasons. A personal emergency should never leave your organisation unable to access its own account!
- Name the account unambiguously. At this point you should seriously consider registering a domain name for your organisation, for the following reasons:
- It only costs a few pounds per year.
- Your email addresses are those of your organisation and not your service provider (yourorganisation.org.uk rather than yourorganisation.google.co.uk for example).
- If you choose to move your service provider you won’t have to change all your email addresses, avoiding the disruption that would entail.
- If you don’t do it people will assume that you’re too cheap, technically inept, or simply couldn’t be bothered, and that’s not a good look.
- You can do this within Google as part of the sign-up process or with a separate domain registrar. Your preferred domain may already be taken so be prepared to try a few variations until you get one that’s available. Your will probably want a .org.uk domain as this signifies that you are a non-commercial organisation in the United Kingdom.
Create mailboxes for roles not individuals
- For each role, create a mailbox and give the user name and password to the individual performing that role. For example, ‘Treasurer@domainname’ rather than ‘Bob_Example@domainname’. This means that when Bob moves on, you don’t have to create a whole new account or have their replacement constantly explain that they aren’t Bob.
- Ensure that all electronic communication for a role is performed with that mailbox. Do not use personal accounts, and do not cross-contaminate roles (e.g., dealing with Clerk matters in the Treasurer account). This is especially important if you have someone with access to multiple accounts.
- The first action performed by anyone taking over a mailbox should be to change the password, to ensure that only they can access it.
- When setting up a mailbox for the first time, if individuals already have correspondence in their personal mailboxes (and you’re still on good terms) get them to forward the relevant email to the new mailbox.
- If it becomes necessary to have an individual’s access removed from a mailbox, the account administrator can force a password reset. This should be done as soon as an individual ceases performing a role, as a routine matter of security.
- On a regular basis (semi-annually or annually) who has access to each mailbox should be reviewed to ensure that it’s correct and up to date.