IT Operations SOP

Detailed procedures for managing access, incidents, and vendors at MaisonRMI.

Last Updated: Oct 10, 2025
Owner: IT Operations Manager

Access Provisioning

  1. Intake
    • Manager submits access request through the Service Desk form.
    • Form must include justification, role, systems requested, and expiry date if applicable.
  2. Approval
    • Automated approval routes to the system owner.
    • High-risk systems require Security Operations approval.
  3. Provision
    • IT Operations provisions access via Okta groups.
    • Record change ID in the access log and notify requester.
  4. Verification
    • Requester validates access within 24 hours.
    • Close the ticket with verification evidence attached.

De-provisioning Trigger: Offboarding tickets automatically remove access; manual revocation requests follow the same workflow marked as urgent.

Incident Response

  1. Detection & Triage
    • Alert raised via monitoring, user report, or automated tooling.
    • Classify severity using the IR decision tree. Engage the on-call engineer for Severity 1 or 2.
  2. Containment
    • Execute containment playbooks (e.g., isolate host, revoke credentials, disable integrations).
    • Document actions in the incident channel and Opsgenie timeline.
  3. Eradication & Recovery
    • Patch vulnerabilities, restore services from clean backups, and monitor for reoccurrence.
  4. Post-Incident Review
    • Complete PIR within five business days.
    • Capture root cause, follow-up actions, and policy updates in the incident knowledge base.

Keep stakeholders updated every 30 minutes for Severity 1 incidents. The Communications Manager owns customer messaging once approved by Legal.

Vendor Onboarding

  • Submit vendor intake form with security questionnaire and data classification.
  • Security reviews responses; high-risk vendors undergo additional testing.
  • Legal drafts or reviews DPAs and commercial terms.
  • Once approved, create vendor profile in the asset register and schedule annual reassessment.

Artifacts: Signed agreements, risk assessment results, and system owner acceptance.

Metrics & Evidence

SOP                 | KPI                        | Target            | Owner
Access Provisioning | Fulfilment time            | < 2 business days | IT Ops Lead
Incident Response   | Containment time for Sev 1 | < 60 minutes      | Security Ops
Vendor Onboarding   | Due diligence completion   | 100%              | Vendor Manager

Continuous Improvement

  • Use retrospectives to feed policy updates.
  • Track automation opportunities in the Platform Ops roadmap.
  • Share lessons in the #tech-guild channel each month.