I'm an active member of the local chapter of Rotary International ( http://www.rotary.org ), a worldwide community service organization. In that capacity, I've been able to meet some wonderful people. A few weeks ago, I received terrible news: A new member of our local chapter had been killed in an automobile accident. She was only 26.

What does that have to do with Exchange Server? More than you think. In addition to being a wife and mother, she was also the manager of a local bank branch office. Banks, being among the most conservative business organizations in the world, have excellent plans for dealing with the unexpected loss or absence of key people. Do you?

This might seem like a far-fetched thing to worry about--after all, people are notoriously bad at estimating risks. If you don't believe me, ask people whether someone's more likely to die in a commercial airline accident or by flooding. It turns out, according to the Centers for Disease Control and Prevention (CDC), that the lifetime risk of death in an air travel accident is about 1 in 20,000, whereas the lifetime risk for death due to flooding is 1 in 30,000. Did you guess right?

More to the point, if you were suddenly unable to come to work one day, what affect would your absence have on your organization's messaging operations? Would other people be able to take over every aspect of your job? Are there any operational tricks, passwords, or other knowledge nuggets that only you know? If you're the pragmatic type, you might not worry about this; after all, if you're incapacitated or dead, your mail system's probably the least of your worries. But what if it happens to someone else in your organization? (which is another aspect of human risk perception: We think bad things are more likely to happen to others; just ask any teenager.)

A comprehensive risk-management strategy will account for the unexpected absence or loss of key personnel. That means that no skill or piece of knowledge (including passwords and other security-related information) should be unrecoverable. This doesn't mean that you can be careless with security information, merely that you need a way for authorized people to get what they need to continue business operations. In larger organizations, this information access usually isn't a problem because there are usually multiple people with administrative access to Active Directory (AD) and Exchange. However, in small companies, losing the only administrator can have a serious impact--one that you can take steps now to mitigate.

Why bring up such an unpleasant subject now? The start of a new year often brings the urge to change things that we perceive as suboptimal. Now is the time to consider how you can improve your organization's ability to work even if key players aren't available.

Wishing you a safe, happy, and prosperous 2006!