Technology operating procedures (SOPs, MOPs, EOPs and SCPs)
With all the required documentation around technology, you’ll be forgiven for not knowing the difference between a SOP and a MOP. I’ve outlined each of these below, in addition to an EOP and SCP.
The SCP (Site Configuration Procedure) includes all documentation related to the design, commissioning and studies that describe the normal configuration of the site. This sets the initial conditions for the execution of a SOP or MOP.
The SOP (Standard Operating Procedure) is an overarching document which provides high level control and policy around the change of state of high risk components of your technology landscape. Control includes an outline of approval processes, risk assessment / management and a step by step guide to completing a change. Specifically, the SOP should include:
- Procedure overview – including procedure name, version control and owner
- Scope & applicability – purpose, standards and regulatory requirements applicable to this project
- Overview of terminology covered in the SOP
- Quality assurance provisions – how are you going to ensure the quality of the SOP execution?
- Risk Management – how are you going to manage the risks associated with this task? Is there a failover or roll-back procedure?
- Procedure methodology – all the steps, along with necessary details (including required equipment and tools) to enable the successful execution of the SOP. In addition, this should cover a few likely ‘what if’ scenarios.
A MOP (Method Of Procedure) is a document that details the steps required to execute a particular portion of a SOP. For example, a SOP may say that step three is to ‘turn on the firewall’. The MOP generated for this step, would be detailed guidance on how to turn on the firewall. A MOP includes:
- Document scope
- Prerequisites to carrying out the MOP, including any required approvals
- Detailed tasks, outlining how to execute the required change. Each task should be sequenced in the required order of execution and should have a task id, description, duration and service impact (expected)
- Backout steps (roll back) – should include details, highlighting how to return the system to its initial state or another predefined stable state
MOPs must be integrated into the change management process to ensure the timely review and approval of all MOPs. Additionally, each MOP must go through the risk assessment process to determine the risk associated with each MOP – each and every version of the MOP should be reviewed, approved and risk assessed before being used in the ‘live’ environment and each MOP should be subject to an annual review.
Just like you’d buy a good mop to clean your floor at home, you should make sure that your MOP is well written and can be used by anyone in the business. You never know when it’ll need to be executed and who’s going to be around at the time!
An EOP (Emergency Operating Procedure) includes detailed written instructions which must be carried out sequentially when an abnormal event occurs.
Together, all the above documentation forms the core of the data centre policies. Each document is intended to help humans to manage the complexity of technology. This is particularly important in today’s environment where technology is becoming ever more complex, as the increased complexity inherently leads to an increased risk of failure. This is due to an increase in the number of interrelated and interdependent elements of the technology environment.
With all this documentation, properly managed, you’ll be in a much better position to implement changes to your environment while somewhat mitigating the risk of a failure.