Skip to main content

Boilerplate example for an IT SOP (Standard Operating Procedures)


Most IT environments do not necessarily utilize SOPs (Standard Operating Procedures) but in reality it is a crucial documentation that is a prerequisite.. A SOP is a document that describes procedures. Procedures are ongoing processes which are open ended as opposed to projects which have a definite starting and ending time. Commissioning a system is a project with tasks that end at a point where the system is "standing", nearly like a building is standing when it has been erected. SOPs are those procedures that are executed after the system "stands". Hence, standing operating procedures.

Ramon Padilla writes on TechRepublic, IT leadership in Master the mundane with SOPs that fit.

" The best run organizations are those which have mastered the mundane.
That is a pretty profound statement because, if taken literally, it means that the organization has perfected its day-to-day activities to such a degree that it is free to focus on being agile and responsive to the forces that affect it in a proactive way.
The path to this mastery is partially through efficient and effective standard operating procedures (SOP). SOPs are defined as detailed, written instructions to achieve uniformity of the performance of a specific function.” In other words, procedures that make sure that inputs to a process result in the same outputs in terms of quality, quantity, consistency, etc.
SOPs by design, should be based on the best way of doing things in your organization, often reflecting the best practices of the industry. Thus, we have a tie-in to methodologies such as COBIT, ITIL, and ISO.
So in general, SOPs are a good thing. However, it never ceases to amaze me how organizations can take a desire to implement best practices and SOPs and completely miss the boat on what they are doing and why they are doing it.
The purpose of SOPs is to make your organization perform better and faster, with higher quality, increased customer service, and accountability. The SOPs ARE NOT the end product, nor are they designed to be so rigid as to make conducting business painful. You know where I am coming from here. I’m talking about the kind of “procedures” that are so cumbersome and time consuming that they make you want to pull your hair out (whats left of it); that make work for people whose only reason to exist in the organization is to enforce the “procedures;” that were designed so long ago they haven’t kept up with the changing organization, or for IT, changes in technology."

Here are some items to use as a boilerplate for a SOP.

  • Title. Define the SOP clearly with a suitable title that clearly defines the procedures or category of procedures.
  • Dates. Provide an Issue date and Effective date.
  • Document history. Detail a brief overview of changes to the document over time.
  • Approvals. State the authority and which the document has been created.
  • Description. Provide a brief overview of the document (or alternatively an executive summary).
  • Purpose and background. Detail why the procedures are being defined and any relevant justifications. Help people understand why the procedures are being implemented.
  • Scope. Clearly state which procedures are covered and those which are excluded in this document. Reference excluded procedures to the relevant SOP if they are not covered by this one.
  • Definitions. Define any ambiguous words or terms and all acronyms.
  • Operations. The procedures stated here need to be mapped into the greater IT operations (refer the mindmap below):
No alt text provided for this image

  • Vital functions affected by this SOP. These directly refer to the business functions that are aligned to and impacted by the document IT procedures. If there are problems with the systems or procedures covered in this SOP how will the business be impacted.
  • Lessons learned. Clearly list and describe all lessons learnt or how a knowledge base that includes this information can be accessed.
  • Equipment, hardware and software lists. List the inventory or attach as addendum. In large organization this might be linked to a separate system that contains this information. However, be aware that a snapshot is required that aligns itself to the issue date of the SOP.
  • Checklists. List an checklist being applied and used. (Read here about checklists).
  • Media. All Images and diagrams relevant to the procedures.
  • Configuration. The actual configuration of the systems effected by the procedures, such as network equipment.
  • Testing. Testing mechanisms and sign offs including simulations.
  • Financial. Include relevant budget and expenditure.
  • Risk. Specify the risk methodology being used and the latest assessment that covers the area of the SOP.
  • Service Continuity. Describe the resilience of the systems covered by the SOP and include backup and restore tasks. List and describe how service continuity is implemented in the event of system failure.
  • Escalations. Detail the escalation path required for the systems covered by the SOP.
  • Roles and responsibilities. Use or implement a suitable matrix such as RACI.
  • Dashboard and metrics. Often also referred to as KPI's but more simply a reference to the quality and targets that are expected. This details how and where they will be collected and referenced.
  • Training. Specify how personnel is trained on the systems and procedures.
  • Monitoring requirements. How are the activities of the systems monitored.
  • Record Management. How are records maintained. As an example when checklists are completed, how are they stored and filed. Important if there is a query or dispute in a month's time that these can be retrieved.
  • References. List any external sources of manuals or documentation that is relevant.
  • Change. This deals with how changes are made not only to the systems but procedures as well (refer to a change management checklist here).
  • Stakeholders. List the stakeholders of the systems and procedures.
  • Maintenance. Schedules of maintenance and the tasks required. Also specify all related equipment warranties.
  • Handling Incidents and Troubleshooting procedures. Detail aspects of the expanded Incident Lifecycle.
  • Service review. List as a minimum notes about the previous period's review and the current review period. Include current issues, and peripheral related issues.
  • Service catalogue. Reference how these procedures related to the IT service catalogue.
  • Checklist for SOP. Finally, have you addressed all the following in this SOP (a quick check):

  1. Who?
  2. Why?
  3. What?
  4. When?
  5. How?
  6. Where?
No alt text provided for this image

A mindmap of the SOP boilerplate

Ronald Bartels of Fusion Broadband

Ronald Bartels provides SD-WAN solutions via Fusion Broadband.

This article was originally published over at LinkedIn:  Boilerplate example for an IT SOP (Standard Operating Procedures)


Popular posts from this blog

Why Madge Networks, the token-ring company, went titsup

There I was shooting the breeze with an old mate. The conversation turned to why Madge Networks which I wrote about here went titsup. My analysis is that Madge Networks had a solution and decided to go out and find a problem. They deferred to more incorrect strategic technology choices. The truth of the matter is that when something goes titsup, its not because of one reason only, but a myriad of them all contributing to the negative consequence. There are the immediate or visual ones, which are underpinned by intermediate ones and finally after digging right down, there are the root causes. There is never a singular root cause for anything but I'll present my opinion and encourage everyone else to chip in. All of them together are more likely the reason the company went titsup. As far as technology brainfarts go there is no better example than Kodak . They invented the digital camera that killed them. However, they were so focused on milking people in their leg

Flawed "ITIL aligned"​ Incident Management

Many "ITIL aligned" service desk tools have flawed incident management. The reason is that incidents are logged with a time association and some related fields to type in some gobbledygook. The expanded incident life cycle is not enforced and as a result trending and problem management is not possible. Here is a fictitious log of an incident at PFS, a financial services company, which uses CGTSD, an “ITIL-aligned” service desk tool. Here is the log of an incident record from this system: Monday, 12 August: 09:03am (Bob, the service desk guy): Alice (customer in retail banking) phoned in. Logged an issue. Unable to assist over the phone (there goes our FCR), will escalate to second line. 09:04am (Bob, the service desk guy): Escalate the incident to Charles in second line support. 09:05am (Charles, technical support): Open incident. 09:05am (Charles, technical support): Delayed incident by 1 day. Tuesday, 13 August: 10:11am (Charles, technical support): Phoned Alice.

Updated: Articles by Ron Bartels published on iot for all

  These are articles that I published during the course of the past year on one of the popular international Internet of Things publishing sites, iot for all .  These are articles that I published during the course of the past year on one of the popular international Internet of Things publishing sites, iot for all . Improving Data Center Reliability With IoT Reliability and availability are essential to data centers. IoT can enable better issue tracking and data collection, leading to greater stability. Doing the Work Right in Data Centers With Checklists Data centers are complex. Modern economies rely upon their continuous operation. IoT solutions paired with this data center checklist can help! IoT Optimi