Amtelco Infrastructure Review Checklist for Internal IT Teams

How to Use This Checklist

Work through each section in order. For every item, the answer should be either "yes, documented" or "no, action required." Anything in between is the same as no. This is the kind of review that benefits from a peer or outside set of eyes; institutional familiarity quietly turns into blind spots over time.

If the environment includes Amtelco call center platform components — Infinity, Genesis, miSecureMessages, or related — apply the checklist to the underlying infrastructure that supports those workloads, not just the application layer.

1. Servers and Compute

• Inventory of every server: hostname, role, OS version, patch level, uptime, ownership.
• Windows Server and SQL Server versions are within their supported lifecycle window.
• Hypervisor (VMware, Hyper-V) is patched and on a supported version.
• Hardware warranties are current and tracked with renewal reminders.
• Capacity headroom on CPU, RAM, and disk is documented for each server.
• SQL Server backup, integrity check, and index maintenance jobs are verified to run successfully.

2. Storage and Backup

• Storage performance (IOPS, latency) for the database tier is monitored.
• Backup jobs cover application data, database, and configuration files.
• Backup retention meets business and compliance requirements.
• At least one full restore has been tested in the last 90 days.
• Backups are stored offsite or in immutable storage to defend against ransomware.

3. Networking and Telephony

• Network diagram exists and reflects current state (not a 2019 snapshot).
• Redundancy review: switches, power, internet circuits, SIP trunks.
• VLAN segmentation between operator workstations, server tier, and office network.
• Firewall rules are reviewed; legacy any-any or temporary rules are documented or removed.
• SIP/PRI carrier contacts and account numbers are documented and accessible during an incident.
• Call quality (jitter, packet loss, MOS) is monitored — not just up/down.

4. Identity and Access

• Every administrative account maps to a real person or a documented service identity.
• MFA is enforced on every administrative account.
• Remote access (VPN, RDP, jump hosts) is consolidated and access-reviewed.
• Break-glass accounts are documented with secure storage of credentials.
• Orphaned accounts (former employees, former contractors) are removed.
• Service accounts use least-privilege and rotated credentials where possible.

5. Security Posture

• EDR/MDR is deployed to every server and operator workstation.
• Patch governance has a documented cadence with deferred-patch tracking.
• Vulnerability scanning runs on a schedule with a remediation workflow.
• Incident response plan exists and includes vendor contacts and escalation paths.
• Logs from servers, endpoints, and security tools flow to a central location.

6. Integrations

• Every integration (CRM, EHR, billing, paging) is documented with owner and purpose.
• Authentication mechanism per integration is documented; credentials are rotated on a schedule.
• Failure mode for each integration is documented: what breaks, how it's detected, who responds.

7. Documentation and Operational Knowledge

• Runbooks exist for the most common operational tasks.
• "First 30 minutes of an outage" runbook exists and is rehearsed at least annually.
• Change history for the past 12 months is captured (who, what, why).
• Vendor list with current contacts and escalation paths is maintained.

What to Do With the Result

Score each section red, yellow, or green. Take the red items into next quarter's plan. Take the yellow items into the annual budget. Use the green items as evidence in your next compliance or insurance review.

If the result is mostly red and the team is already at capacity, a scoped IT and security assessment can produce a written remediation roadmap and clear vendor coordination — without adding to the internal team's plate. For Amtelco-specific guidance, see Amtelco call center platform consulting.