Once you have successfully planned and deployed the IM server, you have to make sure it stays that way. This can be a tricky proposition as there's very little you can do here, other than lay down rules and/or point out user responsibilities.
Treat IM as email: Many organizations say IM is the new email. Considering the similarities between the two electronic communication methods, it'd be best if you treat IM as email. If you have an email policy already in place, append it and apply it to IM as well.
If you wish to have separate policies for email and IM, make sure you consult with the appropriate internal legal, HR, IT, and executive management members and groups to construct a policy appropriate for your organization's needs and requirements.
Define prohibited use: No matter what sort of organization yours is, having a "you can't do this" list of things is always encouraged. Make sure this list clearly points out what constitutes disruptive or offensive messages, and the types and nature of files that can't be transmitted between users. Also, point out actions that will be taken in case of a violation of the policy.
Define personal use: You should expect and allow for a reasonable amount of personal exchanges. But define limits and identify how non-work related or off-topic conversations are to be handled.
Define monitoring terms: Depending on the nature of your organization, it might be imperative for you to log all IM conversation as per applicable trade regulations. In any case, if you log messages, make sure your users are aware that the organization is doing so, and may monitor messages without prior notice.
Usage policies can be long and a little too detailed for the average user to bother reading. So in addition to the usage policy, you can also prepare bulleted action items that are easier for users to follow. Some of the most common ones are listed here:
Ensure that your IM account password meets the organization's recommendations for strong passwords. Make sure you change your passwords frequently.
Look out for updates to the IM program and install them as soon as they are available.
Don't allow your IM program to "remember" your password or automatically sign in to your account.
Don't automatically accept incoming messages from users who are not on your contact list. Users should exchange IM usernames or nicknames via phone or email before sending IM messages.
Don't accept file transfers from users outside the network. Instead, ask external users to send the attachment via email, which will be scanned at the mail server, in addition to the anti-virus application on your computer.
Set Status messages. Use your client's ability to set status messages. Either use an existing one, or create your own to indicate when you are out for lunch, or not on your desk, or busy working and do not want to be interrupted.
While your users make sure they use the IM service as it's meant to be used, it's your job as the administrator to make sure everything's hunky dory on the back end. Here's a brief checklist.
Keep an eye on the database: There are various tools available that'll help you monitor the state of the database server you are running for your IM server. If the program doesn't allow for automated periodic checks, do one yourself every two weeks, or more frequently, if you have lots of concurrent IM users.
Directory Server: Take special care of the directory server if you are using one, as it'll also be shared by other network services, and if it goes down, your users won't be able to log in to their IM accounts.
The physical server powering the system: Depending on the operating system you are running on the server, configure and set up automated audits of the key areas of the system, and periodically monitor the logs. Also, set up regular automated backups of key areas as well as periodic system-wide backups.
Monitor the IM server logs: Make provision to be notified when something is written to the error logs.