Standard Operating Procedures
Step-by-step playbooks used by the IT operations team. Each SOP is version-controlled and reviewed every 6 months.
Onboarding & Offboarding
1. HR triggers request in ServiceNow
2. AD account & mailbox provisioned
3. Hardware kit issued & asset tagged
4. Role-based app access assigned
5. Day-1 induction & MFA enrolment
SLA: 2 business days
Access Request Procedure
1. User submits request via portal
2. Manager approval (auto-routed)
3. Data owner approval if Restricted
4. IAM team provisions access
5. Quarterly recertification
SLA: 1 business day
Backup & Recovery
1. Daily incremental, weekly full
2. Off-site replication every 4 hrs
3. Monthly restore test (sample)
4. Quarterly DR drill (full)
5. RPO 4h • RTO 8h
Owner: Infrastructure
Patch Management
1. CVE intake & risk scoring
2. Test ring deployment (5%)
3. Pilot ring (20%) with telemetry
4. Broad rollout (100%)
5. Compliance reporting in Defender
Cadence: Monthly + emergency
Incident Response
1. Detect via SIEM/Defender
2. Triage & severity classification
3. Contain — isolate endpoint/account
4. Eradicate & recover services
5. Post-incident review within 5d
On-call: 24x7
Phishing Reporting
1. User clicks 'Report Phishing'
2. Auto-quarantine to SOC mailbox
3. SOC analyst triage in 30 min
4. Threat hunt for similar mails
5. Block IOCs & notify users
Target: <30 min triage