
Boilerplate example for an IT SOP (Standard Operating Procedures)

 

Most IT environments do not necessarily use SOPs (Standard Operating Procedures), but in reality they are crucial documentation and a prerequisite. A SOP is a document that describes procedures. Procedures are ongoing, open-ended processes, as opposed to projects, which have a definite start and end time. Commissioning a system is a project with tasks that end at the point where the system is "standing", much like a building is standing once it has been erected. SOPs are the procedures that are executed after the system "stands". Hence, standing operating procedures.

Ramon Padilla writes on TechRepublic, IT Leadership, in "Master the mundane with SOPs that fit":

"The best run organizations are those which have mastered the mundane.
That is a pretty profound statement because, if taken literally, it means that the organization has perfected its day-to-day activities to such a degree that it is free to focus on being agile and responsive to the forces that affect it in a proactive way.
The path to this mastery is partially through efficient and effective standard operating procedures (SOP). SOPs are defined as “detailed, written instructions to achieve uniformity of the performance of a specific function.” In other words, procedures that make sure that inputs to a process result in the same outputs in terms of quality, quantity, consistency, etc.
SOPs by design, should be based on the best way of doing things in your organization, often reflecting the best practices of the industry. Thus, we have a tie-in to methodologies such as COBIT, ITIL, and ISO.
So in general, SOPs are a good thing. However, it never ceases to amaze me how organizations can take a desire to implement best practices and SOPs and completely miss the boat on what they are doing and why they are doing it.
The purpose of SOPs is to make your organization perform better and faster, with higher quality, increased customer service, and accountability. The SOPs ARE NOT the end product, nor are they designed to be so rigid as to make conducting business painful. You know where I am coming from here. I’m talking about the kind of “procedures” that are so cumbersome and time consuming that they make you want to pull your hair out (what’s left of it); that make work for people whose only reason to exist in the organization is to enforce the “procedures;” that were designed so long ago they haven’t kept up with the changing organization, or for IT, changes in technology."

Here are some items to use as a boilerplate for a SOP.

  • Title. Define the SOP clearly with a suitable title that clearly defines the procedures or category of procedures.
  • Dates. Provide an Issue date and Effective date.
  • Document history. Detail a brief overview of changes to the document over time.
  • Approvals. State the authority under which the document has been created.
  • Description. Provide a brief overview of the document (or alternatively an executive summary).
  • Purpose and background. Detail why the procedures are being defined and any relevant justifications. Help people understand why the procedures are being implemented.
  • Scope. Clearly state which procedures are covered and those which are excluded in this document. Reference excluded procedures to the relevant SOP if they are not covered by this one.
  • Definitions. Define any ambiguous words or terms and all acronyms.
  • Operations. The procedures stated here need to be mapped into the greater IT operations (refer to the mindmap below):

  • Vital functions affected by this SOP. These directly refer to the business functions that are aligned to and impacted by the documented IT procedures. If there are problems with the systems or procedures covered in this SOP, how will the business be impacted?
  • Lessons learned. Clearly list and describe all lessons learnt or how a knowledge base that includes this information can be accessed.
  • Equipment, hardware and software lists. List the inventory or attach as addendum. In a large organization this might be linked to a separate system that contains this information. However, be aware that a snapshot is required that aligns itself to the issue date of the SOP.
  • Checklists. List any checklist being applied and used. (Read here about checklists).
  • Media. All images and diagrams relevant to the procedures.
  • Configuration. The actual configuration of the systems affected by the procedures, such as network equipment.
  • Testing. Testing mechanisms and sign offs including simulations.
  • Financial. Include relevant budget and expenditure.
  • Risk. Specify the risk methodology being used and the latest assessment that covers the area of the SOP.
  • Service Continuity. Describe the resilience of the systems covered by the SOP and include backup and restore tasks. List and describe how service continuity is implemented in the event of system failure.
  • Escalations. Detail the escalation path required for the systems covered by the SOP.
  • Roles and responsibilities. Use or implement a suitable matrix such as RACI.
  • Dashboard and metrics. Often also referred to as KPIs, but more simply a reference to the quality and targets that are expected. This details how and where they will be collected and referenced.
  • Training. Specify how personnel are trained on the systems and procedures.
  • Monitoring requirements. How are the activities of the systems monitored?
  • Record Management. How are records maintained? As an example, when checklists are completed, how are they stored and filed? This is important so that they can be retrieved if there is a query or dispute in a month's time.
  • References. List any external sources of manuals or documentation that are relevant.
  • Change. This deals with how changes are made not only to the systems but procedures as well (refer to a change management checklist here).
  • Stakeholders. List the stakeholders of the systems and procedures.
  • Maintenance. Schedules of maintenance and the tasks required. Also specify all related equipment warranties.
  • Handling Incidents and Troubleshooting procedures. Detail aspects of the expanded Incident Lifecycle.
  • Service review. List as a minimum notes about the previous period's review and the current review period. Include current issues, and peripheral related issues.
  • Service catalogue. Reference how these procedures relate to the IT service catalogue.
  • Checklist for SOP. Finally, have you addressed all the following in this SOP (a quick check):

  1. Who?
  2. Why?
  3. What?
  4. When?
  5. How?
  6. Where?

A mindmap of the SOP boilerplate

Ronald Bartels of Fusion Broadband

Ronald Bartels provides SD-WAN solutions via Fusion Broadband.

This article was originally published over at LinkedIn:  Boilerplate example for an IT SOP (Standard Operating Procedures)
