SOP's

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This should go in here as it's related to security (though rather loosley).

SOP's!!

Who's got them? Who uses them? Who implemented them?

I've been tasked with starting to get our IT SOP's up and running (after our IT pro hasn't after almost a year). The problem is I don't really know where to start. How many and how in depth would I go etc?

Anyone's advice much appreciated.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

We don't allow Sexually Oriented Pictures (SOPs) on our network, nor do we allow our users to browse for them on the Internet.

So you say that you are being tasked with implementing IT SOPs? Should be hilarious!!! Be sure to provide links when you're done with that!

(and... uh... the depth you go is entirely up to each individual's preference... )

 

I have always been a big fan of bread dunking too

 

As long as they can wake you up at 2AM to ask stupid questions most managers see no need for SOPs.

"How do I restart the server?"
You open the manual on startup and shutdown procedures and turn to page #2.

 

Well most IT managers like to see agreed procedures for critical stuff.

Also if something important breaks they want to know what contingency plans where already in place and during review after the problem is sorted thy will to know if the contingencies and response was adequate.

Just all the standard DR and QOS stuff really....

BTW - nuggett - arent you coming over to OZ [Perth] some stage soon??

- Well have to go for an ale or a dozen...

supa

 

Looks like the kindergarten opened early today.

Seriously though, when you're dealing with the FDA then it's a necessity to have them. If we were just a normal company then I think it would suffice to have just a few guidelines etc.

I'll be flying out of here on the 14th July and landing on the 15th.

 

I can't even get most places to separate production from development. So trying to put simple rules in place like "don't run ad-hoc queries on mission-critical OLTP servers" is really just a lesson in futility. Routine maintenance, downtime scheduling and change management procedures are seldom followed. And the solution to everything ends up being restart the service or reboot the server in the middle of the work day.

It's a good thing they have all their business continuity and disaster recovery planning done though. Chances are they'll have an opportunity to use those plans.

Personally, I'd rather avoid problems than have to constantly be putting out fires.

 

Wow i cant imagine an environment like that any more Crito!
sounds like you have your hands full!

 

Yep I know what you mean about kinder4garten..some of the noobs that you come across consulting can be like this...


I'll add the July stuff to my Calendar...and I'll PM some contact details closer to the day...

 

Nope, when rebooting server in middle of day become SOP then they have their hands full, as I'm out the door. I don't get paid enough to take the rap for incompetent management.

Take a guy with an undergraduate degree in basket weaving, give him an MBA, and all of a sudden he's qualified to be Director of IT.

 

Yep Crito I share your pain buddy...some newly minted folks/PHB's are too newly minted...rubber stamped would be a better description.

And the ones minted via MBA especially so!

Note that useless in the IT g33k dictionary is defined as someone who has an Arts, MBA or Marketing degree [snigger]

...runs and hides...

 

I'll keep in touch too.

I found some policy templates at sans.org too.

 

So policy might say we only use Cisco and downtime has to be approved. While the SOP would look something like:
http://www.cisco.com/warp/public/78/IPCC_Start_Stop.html

Seems like there's some confusion over the military version of SOP and the kind used for regulatory compliance. To be clear I'll refer to the IT kind of SOPs as "standing operating procedures" from now on (not "standard".)

 

I've tried to find examples of someone else in IT using SOP the same way nugget does but can't. Here's another example of an SOP for the handling of electronic evidence:
http://www.dbm.maryland.gov/dbm_pub...ty/response_and_recovery/evidencehandling.pdf

FWIW I really do think (technically) it should be "standing" and not "standard" operating procedures, in this context anyway. Just seems like I've always heard the term misued that way in the past (like the state of Maryland does, above.)

Anyway, good luck... I'm outta here.