An IT onboarding checklist for installing a new office copier
A copier install handed off without a structured IT plan produces a device that works for two weeks and degrades after that. This onboarding checklist sequences the 28 IT tasks across the install week, splits ownership between IT and vendor, and locks in the security baseline before users touch the device.
How the checklist is structured
The checklist organises 28 tasks into four phases. Each phase has a sequencing rationale: tasks late in the week depend on tasks completed earlier in the week, and skipping early tasks creates rework when later ones surface a problem. Ownership is colour coded: IT, vendor, or shared. Vendors usually expect a structured IT counterpart and respond well to a checklist that makes the dependencies visible.
Phase 1 / Pre install
Network and site preparation
3 to 5 working days before install
| Task | Action | Detail | Owner |
| 1.1 | Reserve static IP or DHCP reservation | From the office printer VLAN address pool | IT |
| 1.2 | Open required firewall ports outbound | Vendor cloud, OS update servers, scan destination services | IT |
| 1.3 | Add device to print management software inventory | PaperCut, Equitrac or vendor portal | IT |
| 1.4 | Confirm power circuit capacity and dedicated socket | 16A circuit for A3 MFPs; share confirmation with vendor | IT |
| 1.5 | Verify network drop available at install location | Cat6 or fibre, with patch panel labelled | IT |
| 1.6 | Confirm device serial number, model and MAC address | For pre provisioning in MDM and inventory | Vendor |
| 1.7 | Schedule install window outside core business hours | Half day window between 14:00 and 18:00 typical | Shared |
Phase 2 / Day of install
Physical install and initial network bring up
2 to 4 hours on site
| Task | Action | Detail | Owner |
| 2.1 | Vendor delivers, unpacks and positions device | IT presence not required for this step | Vendor |
| 2.2 | Connect to network drop, apply static IP | From the address reserved in 1.1 | Shared |
| 2.3 | Apply current firmware update from manufacturer | Before any production configuration | Vendor |
| 2.4 | Change default administrator password | Store in IT password vault, not on the device label | IT |
| 2.5 | Disable unused protocols and services | FTP, Telnet, SMBv1, unused scan protocols, AppleTalk if present | IT |
| 2.6 | Configure TLS certificates for SMTP and SMB scan | Use internal CA certificate where available | IT |
| 2.7 | Enable hard drive encryption and overwrite policy | AES 256 standard on most modern A3 MFPs | IT |
Why phase 2 sits with IT, not the vendor
Vendor engineers know the device. They do not know the network. Tasks 2.4 onwards depend on internal policy decisions, certificate authorities and password vaults that vendors cannot access. Letting the vendor take ownership here usually produces a device that works but does not meet the internal security baseline.
The exception is firmware (task 2.3), which the vendor manages because it depends on manufacturer specific tooling and procedures.
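A post-hardening check for task 2.5, added here as an example (not a vendor or print management tool): it confirms that FTP and Telnet no longer accept connections on each device. The port numbers are the IANA defaults and the `connect` parameter is a hypothetical hook for testing; SMBv1 and AppleTalk cannot be confirmed by a TCP connect and still need checking in the device's admin settings.

```python
import socket

# Cleartext services from task 2.5 that listen on TCP. Ports are the IANA
# defaults (assumption: the device has not moved them).
LEGACY_TCP_SERVICES = {"FTP": 21, "Telnet": 23}


def is_listening(host, port, timeout=2.0, connect=socket.create_connection):
    """Return True if host accepts a TCP connection on port."""
    try:
        conn = connect((host, port), timeout)
    except OSError:  # refused, timed out (filtered) or unreachable
        return False
    conn.close()
    return True


def audit_fleet(hosts, services=LEGACY_TCP_SERVICES, timeout=2.0,
                connect=socket.create_connection):
    """Map each host to the legacy services it still exposes (empty = pass)."""
    return {
        host: sorted(name for name, port in services.items()
                     if is_listening(host, port, timeout, connect))
        for host in hosts
    }


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <device-ip> [<device-ip> ...]
    findings = audit_fleet(sys.argv[1:])
    for host, exposed in findings.items():
        print(host, "FAIL: " + ", ".join(exposed) if exposed else "ok")
    # Non-zero exit lets a handover script block on a failed baseline.
    sys.exit(1 if any(findings.values()) else 0)
```

Run it from the IT admin subnet after task 2.5 and again after any firmware update, since an update can re-enable services.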
Phase 3 / Configuration
Print queues, scan destinations and user access
2 to 3 hours, day of install or next day
| Task | Action | Detail | Owner |
| 3.1 | Install device driver on the print server | Universal driver where supported across the fleet | IT |
| 3.2 | Configure default duplex and mono settings on driver | Aligned to office print policy clause 3 | IT |
| 3.3 | Push driver to client devices via Group Policy or MDM | Verify on three test machines before fleet rollout | IT |
| 3.4 | Configure scan to email with SMTP relay and DKIM | From address must pass SPF, DKIM and DMARC on outbound | IT |
| 3.5 | Configure scan to folder destinations | SMB or SFTP; document folder permissions in IT runbook | IT |
| 3.6 | Configure cloud connectors if applicable | SharePoint, Drive, Dropbox; OAuth tokens stored device side | Shared |
| 3.7 | Set up pull printing or PIN release | Aligned to print management software policy | IT |
| 3.8 | Configure LDAP or AD integration for address book | Read only bind, not full directory access | IT |
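A way to verify task 3.4, added here as an example (not part of the original checklist): send a test scan to an external mailbox, save the received message, and read the `Authentication-Results` header stamped by the receiving server. The sample message, the domains and the `mx.example.net` server name are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed test message, as saved from an external mailbox after a test scan.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=scanner@example.com;
 dkim=pass header.d=example.com header.s=mfp1;
 dmarc=pass header.from=example.com
From: Office Scanner <scanner@example.com>
To: it-test@example.net
Subject: Scan test

body
"""

REQUIRED = ("spf", "dkim", "dmarc")
# Each result follows a ';' (or starts the result list) as method=result.
METHOD_RE = re.compile(r"(?:^|;)\s*(spf|dkim|dmarc)=(\w+)", re.I)


def auth_results(raw_message, trusted_authserv_id):
    """Return {method: [results]} from headers stamped by the trusted receiver."""
    msg = message_from_string(raw_message)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        unfolded = " ".join(header.split())  # undo header line folding
        authserv_id, _, rest = unfolded.partition(";")
        server = (authserv_id.split() or [""])[0].lower()
        if server != trusted_authserv_id.lower():
            continue  # not stamped by our receiving server, so not trusted
        for method, result in METHOD_RE.findall(rest):
            results.setdefault(method.lower(), []).append(result.lower())
    return results


def scan_mail_passes(raw_message, trusted_authserv_id):
    """True only if SPF, DKIM and DMARC each report at least one pass."""
    results = auth_results(raw_message, trusted_authserv_id)
    return all("pass" in results.get(method, []) for method in REQUIRED)
```

Headers carrying any other server name are ignored because a sender can insert its own `Authentication-Results` line.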
Phase 4 / Handover
User access, training and documentation
1 to 2 hours, day after install
| Task | Action | Detail | Owner |
| 4.1 | Test print, scan and copy from three user accounts | Including a finance user, a creative user and an admin user | IT |
| 4.2 | Vendor delivers user training session | 30 minutes, on site, recording optional | Vendor |
| 4.3 | Post quick reference card on device front panel | Common scan destinations and pull print steps | IT |
| 4.4 | Update IT runbook with device record | IP, MAC, serial, admin password vault entry, install date | IT |
| 4.5 | Add device to monitoring and alerting | SNMP polling, syslog target, dashboard tile | IT |
| 4.6 | Confirm meter reading baseline with vendor | For billing reconciliation | Shared |
How long the full checklist takes
| Phase | Tasks | Effort (IT) | Effort (vendor) |
| Phase 1 / Pre install | 7 | 2 hours | 30 minutes |
| Phase 2 / Day of install | 7 | 2 hours | 2 hours |
| Phase 3 / Configuration | 8 | 2.5 hours | 30 minutes |
| Phase 4 / Handover | 6 | 1.5 hours | 45 minutes |
| Total | 28 | 8 hours | 3.75 hours |
Where the checklist matters most
The single highest impact section is phase 2 security hardening (tasks 2.4 to 2.7). Devices arrive with default administrator passwords, all protocols enabled, and no hard drive encryption. Skipping these tasks leaves the office open to a class of attacks that target unsecured MFPs as pivot points into the network. Five minutes of work on each task closes the exposure.
Phase 1 reduces install day friction. Half of all install day delays come from missing network or power preparation. Reserving an IP and confirming power and network drop in advance turns a 6 hour install into a 2 hour install.
The 28 task list is calibrated for a single device install. Fleet rollouts repeat phases 1 and 2 per device but consolidate phase 3 work into a single configuration pass per device class. A 12 device fleet rollout typically completes in three working days using this checklist as the spine.
Adapting the checklist for specific scenarios
Cloud only office
Remove phase 3 scan to folder tasks and replace with cloud connector configuration. SharePoint, Drive and OneDrive each have specific authentication flows; document the OAuth scopes granted.
Healthcare clinic
Add a task to phase 2 covering audit log forwarding to a central syslog target. Patient data exposure tracking requires evidence; without forwarding, the audit trail dies with the device.
Multi site fleet
Build a master configuration template after the first device install. Subsequent devices apply the template via the vendor's fleet management portal or via configuration file import. The 28 task checklist drops to roughly 12 tasks per additional device.
A copier install handed off without a structured IT plan creates a long lived security hole. The 28 task checklist takes a working day and closes most of the exposure.