Module 1: Foundations of IT Support & Professional Conduct

Glossary Snapshot

Here are key terms you’ll encounter throughout this module:

AUP (Acceptable Use Policy): Rules for how technology and resources should be used responsibly.
SLA (Service Level Agreement): A contract or internal agreement that defines expected response and resolution times for IT support.
OEM (Original Equipment Manufacturer): Software tied to specific hardware and typically not transferable.
Chain of Custody: A log of who handled sensitive hardware or data and when—important for legal or audit purposes.

Introduction

Welcome to Module 1 of your IT support journey! This module introduces you to the essential foundational knowledge every aspiring IT technician needs. Whether you're new to tech or looking to validate your experience with the CompTIA A+ certification, this chapter will prepare you with key concepts around support roles, professionalism, safety, and ethics.

By the end of this module, you'll be able to:

Understand the tiered support model and identify technician responsibilities
Explore career pathways in IT support
Demonstrate professionalism, ethics, and legal awareness in support environments
Apply safety best practices including ESD and e-waste handling
Draft clear, enforceable Acceptable Use Policies (AUPs)

This module is written in a self-paced, approachable format. You’ll encounter practical examples, diagrams (text-based), and reflective questions to help you internalize the content. Let’s get started!

Section 1: The Tiered Support Model & Technician Roles

What Is IT Support?

When most people think about IT, they imagine someone fixing a broken printer or recovering a forgotten password. While these are common tasks, the IT support role is much more dynamic and essential to a business's daily operation.

IT support professionals ensure users can work effectively by maintaining computer systems, solving hardware/software issues, securing networks, and documenting solutions. Their work prevents disruptions that cost time and money.

Why Is IT Support Tiered?

To operate efficiently, many companies organize support into tiers based on complexity:

Tier 1 (Help Desk/Service Desk): The first line of defense. These technicians answer phones, respond to emails or tickets, and resolve straightforward issues like password resets or software navigation.
Tier 2 (Desktop Support): When Tier 1 can’t resolve the issue, it escalates to Tier 2. These techs perform in-depth diagnostics, hardware repairs, and configure systems. They’re often onsite or have remote tools to fix technical problems that require deeper expertise.
Tier 3 (Systems/Network Engineers): Tier 3 handles the most complex issues—server crashes, network configuration, cybersecurity breaches, and system architecture changes. These technicians often have certifications and years of experience in specialized areas.

What Happens When a Problem Is Escalated?

If Tier 1 cannot solve a problem within a certain timeframe, they escalate it by providing documentation to the next level. Proper escalation ensures:

Users get timely help
Technicians stay within their skill set
Workflows remain efficient

Diagram: Tier Escalation Flow

User reports issue
        ↓
Tier 1 support (e.g., password reset)
        ↓ (if unresolved)
Tier 2 support (e.g., network issue)
        ↓ (if unresolved)
Tier 3 support (e.g., server misconfiguration)

Career Pathways for IT Technicians

Many people start in Tier 1 and grow from there. Depending on your interests, you can branch into:

Systems Administration: Manage Windows/Linux servers, user accounts, and business infrastructure.
Network Engineering: Design, maintain, and secure complex networks.
Cybersecurity: Monitor threats, manage firewalls, and enforce policies to keep organizations safe.
Cloud Computing: Work with platforms like AWS, Azure, or Google Cloud to deploy scalable, virtual infrastructure.

Certifications that support these career paths include:

CompTIA A+, Network+, Security+
Cisco Certified Network Associate (CCNA)
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

        Question: Do I need a degree to get into IT?

        Answer: No. Many technicians enter the field with certifications and hands-on experience alone. What matters most is your ability to learn, communicate, and solve problems.

Time Management & Ticket Handling Basics

Effective IT support involves juggling multiple tasks, prioritizing requests, and ensuring nothing slips through the cracks. A good technician balances responsiveness with thoroughness.

Time Management Strategies

Prioritize by urgency and impact: Address issues affecting multiple users or critical systems first.
Use time blocks: Dedicate time each day to following up on older or unresolved tickets.
Avoid multitasking overload: Focus on resolving one issue at a time when possible.

Ticketing Best Practices

Always document: Record symptoms, steps taken, resolution, and time spent.
Use templates: Consistency helps other techs understand your work.
Don’t close prematurely: Ensure the user confirms the issue is resolved.
Flag trends: If multiple users report the same issue, escalate it as a systemic problem.

Scenario: You receive three tickets: one for a CEO’s email issue, one for a locked account, and one for a minor printer jam. Using time and impact as criteria, you prioritize the CEO’s ticket first, delegate the printer issue to Tier 1, and resolve the lockout via password reset.

Service Level Agreements (SLAs)

An SLA defines the level of service expected from the IT support team and sets expectations for response and resolution times. Technicians are often measured by how well they meet SLA targets.

Example: An SLA might require that password reset tickets are acknowledged within 15 minutes and resolved within 1 hour.

Meeting SLAs:

Builds trust with end users
Keeps ticket queues manageable
Reflects performance in IT audits and reviews

        Tip: Always note SLA deadlines in your ticketing system and escalate when a ticket nears its breach time.
      

Incident Documentation Formats

Accurate documentation is essential for solving problems efficiently and preventing future ones. Every ticket should include:

Issue Summary: Clear and concise description of the problem
Steps Taken: What was attempted to diagnose or resolve it
Resolution: The fix that worked
Time Spent: Duration from open to close

Example Ticket Note:

Issue: User unable to connect to Wi-Fi on laptop.
Steps: Verified adapter settings, removed and re-added network profile, rebooted system.
Resolution: Faulty Wi-Fi driver; reinstalled driver.
Total Time: 35 minutes

Chain of Custody

Chain of custody refers to the process of recording who handled a device or piece of data and when. This is especially important for legal cases, audits, or data breaches.

Best Practices:

Use tamper-evident seals or logs when collecting evidence
Record device handoffs in your ticketing system or inventory tool
Limit physical and digital access to authorized personnel only

Scenario: A company laptop is found after a data leak. You document the time it was received, note its condition, and secure it until security or HR can take over.

Section 2: Ethics, Privacy, and Support Policy Writing

The CIA Triad: Foundations of Ethical IT

Confidentiality: Only authorized people can access data.
Integrity: Data must remain accurate and unchanged unless authorized.
Availability: Systems and data must be reliably accessible when needed.

Scenario: A technician accessing payroll files without permission violates confidentiality. Changing configuration logs to hide mistakes breaks integrity. Delaying system updates that crash a department’s application disrupts availability.

Understanding Privacy Regulations

As a support tech, you must respect legal requirements for handling personal or sensitive data. Some of the most common include:

GDPR (General Data Protection Regulation): Protects user data in the EU. Violations can lead to serious fines.
Read More: gdpr.eu/what-is-gdpr
HIPAA (Health Insurance Portability and Accountability Act): Applies to healthcare organizations in the U.S. and governs medical records.
Read More: hhs.gov/hipaa

        Important: Even if you're not in the EU or healthcare, your company may follow these standards. Always ask: "Am I authorized to view this data?"
      

Writing Clear and Useful Support Policies

Every company should document its expectations for how users and techs interact with IT systems. This is where Acceptable Use Policies (AUPs) come in.

What is acceptable behavior on company networks
What software and hardware are approved for use
What users must not do (e.g., install pirated apps, share passwords)
What happens if the policy is violated

Tip: Use plain language. Confusing rules are ignored rules.

Policy Example (Excerpt):
“Users may not connect unauthorized devices to the company network. This includes USB drives, personal laptops, or IoT devices. Violations may result in restricted access or disciplinary action.”

See Google Cloud's AUP: cloud.google.com/terms/aup

Beyond Acceptable Use Policies: Other Key IT Policies

While AUPs are foundational, organizations rely on additional policies:

BYOD – Bring Your Own Device Policy
Definition: Outlines rules for employees who connect personal devices (laptops, smartphones, tablets) to the company network.
Purpose: Reduces security risks by controlling device access.
Example Rule: “Personal devices must have up-to-date antivirus software and use company-approved VPNs.”
DLP – Data Loss Prevention Policy
Definition: Prevents unauthorized transfer of sensitive data outside the organization.
Purpose: Protects against data breaches and insider threats.
Example Rule: “Email attachments containing sensitive customer data must be encrypted and approved by compliance.”
MFA – Multi-Factor Authentication Policy
Definition: Requires users to verify their identity through two or more authentication factors.
Purpose: Reduces the risk of unauthorized access, even if passwords are compromised.
Example Rule: “All remote logins must use MFA via smartphone app or security token.”
PMP – Patch Management Policy
Definition: Details how the organization tracks, tests, and installs software updates.
Purpose: Reduces vulnerabilities from outdated systems.
Example Rule: “Critical patches must be deployed within 72 hours of release.”
RAP – Remote Access Policy
Definition: Defines how users and administrators may connect to systems from off-site locations.
Purpose: Secures access pathways and ensures logging of remote activity.
Example Rule: “Remote access is allowed only via company-issued laptops using a secure VPN.”
IRP – Incident Response Policy
Definition: Provides a step-by-step plan for responding to security incidents.
Purpose: Minimizes damage, contains threats, and ensures documentation.
Example Rule: “Report suspicious activity to the IT security team within 15 minutes. Do not alter or delete any related data.”

They guide your response when facing unfamiliar or risky situations.
Violating policy can lead to security breaches or legal issues.
Familiarity with policies ensures you follow best practices and know when to escalate.

Scenario: An employee plugs their personal phone into a workstation to charge and triggers a company-wide alert. As the technician, you recognize this as a BYOD policy violation and follow the proper documentation and response steps.

        Question: Who enforces the policy?

        Answer: Usually the IT department or designated compliance officers, in coordination with HR.

Software Licensing Awareness

Understanding software licensing is essential to prevent legal issues and ensure proper software deployment across the organization.

Common Licensing Models:

OEM (Original Equipment Manufacturer): Tied to specific hardware; cannot be transferred
Volume Licensing: Allows activation on multiple systems under one contract (common in enterprise)
Subscription Licensing: Recurring payments (e.g., Microsoft 365, Adobe Creative Cloud)

Scenario: A user installs personal software on a company device without a valid license. You recognize this as a policy violation and report it per your organization's compliance procedures.

Remote Work Etiquette & Support Culture

Best Practices for Remote Work Etiquette

Communicate clearly and promptly: Respond to tickets and messages within established SLAs. If troubleshooting will take time, send updates.
Respect user time and focus: Always confirm availability before starting remote sessions.
Use professional language: Avoid slang, excessive emojis, or informal phrasing in chat or email—even in casual workplace cultures.
Maintain a distraction-free environment: Ensure your background is tidy and desktop clear during calls.

Supporting Culture from a Distance

Be visible and approachable: Show availability in messaging tools and offer help beyond ticket queues.
Promote knowledge sharing: Contribute tips to chat channels and keep the knowledge base updated.
Champion security and professionalism: Lock your workstation, use MFA, and follow all policies.
Empathize remotely: Use tone and words to convey understanding and politeness.

Scenario: You receive a ticket from a remote user who hasn’t responded in over a day. Instead of closing the ticket, you send a polite follow-up and tag their manager to ensure visibility while maintaining courtesy.

Customer Service Expectations in IT

Timeliness: Users expect prompt responses and clear communication about delays.
Clarity: Speak in user-friendly language; avoid tech jargon unless you're sure the user understands it.
Empathy: Acknowledge frustration, especially when systems are down or users are under pressure.
Accountability: Own the issue—even if you escalate it. Let the user know you're following through.
Follow-up: Confirm that the user is satisfied before closing a ticket.

        Example: A user reports their internet is down. Instead of saying, “It’s a network layer 2 issue,” explain: “There’s a problem between your computer and the building’s network switch—we’re working to restore your connection.”
      

Section 3: Workplace Safety & Environmental Best Practices

Electrostatic Discharge (ESD) and Why It Matters

Electrostatic discharge (ESD) is the sudden transfer of static electricity. It can damage sensitive computer parts without visible signs. This can occur when working hands-on with computer hardware.

How can I avoid ESD?

Use antistatic wrist straps connected to a grounded metal point.
Work on ESD-safe mats.
Store parts in antistatic bags.
Maintain moderate humidity in the workspace.

Diagram: ESD-Safe Setup

Technician → Wrist strap → Grounded mat → Ground plug

Electrical and Fire Safety

Always unplug computers before opening them.
Never daisy-chain power strips.
Know where the nearest Class C fire extinguisher is located.
Avoid drinks near electronics to prevent shorts.

Question: Can I wear gloves while working inside a PC?

Answer: Only if they are antistatic gloves. Normal gloves may block your sense of touch or trap static.

Environmental Responsibility in IT

Old hardware doesn’t go in the trash. It often contains hazardous materials like lead or mercury.

Best Practices for Disposal:

Use certified e-waste recyclers.
Wipe or destroy hard drives before recycling.
Follow data retention policies before disposal.

Many municipalities offer public e-waste services, often free of charge. Use a search engine to locate one near you. Even some businesses offer this service. For example, Best Buy offers a household electronics recycling service and may even give you a discount on future purchases when recycling old electronics.

Note that this kind of service may be limited to home users and not suitable for business use. There are many vendors that offer e-waste recycling services suitable to large organizations, at a charge.

Energy Efficiency Tips:

Encourage power-saving settings on all computers.
Consolidate workloads onto fewer machines.
Use virtual machines where possible.

Scenario: You’re retiring 10 workstations. You wipe the drives, remove reusable RAM, store items in antistatic bags, and deliver to a licensed recycling center. This shows excellent tech and environmental responsibility.

What Would You Do? (Scenario Practice)

Scenario 1: A remote user submits a vague ticket: “Computer isn’t working.” You call them but get no answer. What’s your next move?
- Follow up with a polite email requesting more details
- Note attempted contact in the ticket
- Set a 24-hour check-in before escalation or closure
Scenario 2: You notice another technician installed unlicensed software on several machines. What should you do?
- Document what you observed
- Report it to your team lead or compliance officer per policy
Scenario 3: A user becomes frustrated and raises their voice during a remote call. What should you do?
- Stay calm
- Acknowledge their frustration (“I understand this is frustrating”)
- Re-focus on solving the issue politely

Lab Exercise

Draft an Acceptable Use Policy (AUP) for a fictional company called "QuickTech Solutions." Include:

Scope (who and what the policy applies to)
Three examples of prohibited use
Enforcement procedure

Then, simulate an incident report:

Document an unauthorized software install
Detail your investigation process
Recommend a resolution

Knowledge Check

What does Tier 2 typically handle that Tier 1 does not?
List and define one part of the CIA triad.
Name two tools that help prevent ESD damage.
Why is it important to have an AUP?
True/False: Wearing rubber gloves is a suitable ESD precaution.

Summary & Quick Review

IT support is structured into tiers to handle issues by complexity and skill level.
Career growth in IT can lead to exciting specializations in networking, cloud, or cybersecurity.
Ethical technicians follow the CIA triad: Confidentiality, Integrity, and Availability.
Privacy laws like GDPR and HIPAA dictate how sensitive data must be protected.
Acceptable Use Policies (AUPs) help guide user behavior and protect systems.
Safe IT environments require ESD protection, electrical caution, and eco-friendly disposal.

You're now equipped with the professional knowledge and context that all great IT technicians start with. Up next: Module 2: Internal System Architecture—where we’ll open up the computer and explore what’s inside. Stay sharp!