In a company that is managed by an enterprise administration workflow department, there will be a set of documents that describe the process for each type of work. These are called runbooks and they can vary from one organization to another.
Administration in Runbooks Overview
Before we start with the list, let me explain what a runbook should be. A runbook is an applied set of procedures that are used to automate the workflow process in your company. In this way, it illustrates the path that a certain type of task should follow in order to be done properly. Administrative runbooks are a combination of the process that needs to be done with the information that helps fulfill the process. This is why runbooks should contain all the information about how to perform a certain task, plus instructions for any sort of help the employees may need. In practice, runbooks are used in all the situations where a person performs a certain action that needs to be described.
1. Incident Response:
Typically, this runbook would be used by an IT technician and or security professional who is tasked to fix a problem or to help someone else with the task. This category could be broken down even further to include responding to an email; creating a trouble ticket; performing a software install, etc.
2. User Request:
This runbook is used to create a request for a service or support from the IT department when an end-user cannot accomplish the task on their own. This type of request is usually in response to a user who can not figure out how to do something in a product, which they use every day.
3. Change Management:
This runbook would typically be used when a user requests something from the IT department to either add, remove, or update any information in their environment. This can include software updates; adding new hardware components; removing old ones; and more. The change management process always starts with a request for change (RFC ) that is then evaluated against the risk of performing the change before it goes out to production.
4. Request for Proposal (RFP):
This runbook would be used by any department who needs to purchase something from an outside source; examples include office furniture, computer hardware or software licenses, etc. This process always starts with a request for proposal (RFP) that is then evaluated before a purchase is made.
5. Service Request:
This runbook would typically be used when something goes wrong with hardware or software, but can also include requests from other departments in the organization who have a problem they need assistance solving from IT.
6. Problem Management:
This is another runbook that would typically be used by an IT technician. This usually is performed when something goes wrong with hardware or software; it can also include requests from other departments in the organization who have a problem they need assistance solving.
7. Change Management with Red-teaming:
This type of change management runbook has the added twist of requiring input from the security, compliance, or auditing teams before a change is implemented. This process normally starts with an RFC to make sure an organization\’s policies are being followed by making changes, but could also involve any number of other teams depending on how an organization has set up this runbook within their workflow management system.
8. Request for Information (RFI):
This runbook is the first step in the process of creating a new software or hardware request and it is used to gather as much information as possible to make sure that an organization has all the facts before making a big purchase. The RFI will normally involve multiple teams within an organization, including the purchasing, project management, and shared service departments.
9. Request for Proposal (RFP) with Red-teaming:
This runbook is similar to the change management with red-teaming but is used when a decision-maker would like input from security, compliance or auditing teams before making a new software or hardware purchase. This process would normally start with an RFP to make sure an organization\’s policies are being followed, but could also involve any number of other teams depending on how an organization has set up this runbook within their workflow management system.
10. Vendor Management:
This is the process involved in making sure an organization has a good relationship with all their vendors, which includes everything from ordering supplies or equipment to ensuring that warranties are being upheld and hardware software issues are handled quickly.
11. Change Management for New Software Releases:
This is a variation of the change management process that is used when a user requests something from an organization\’s internal development team. This runbook would be used for both new features and bug fixes, but it could also include organizations with multiple developer teams who use different workflow management systems resulting in several instances of this same run book being created across the organization .
12. Request for Enhancement (RFE):
This run book is the first step in the process of creating a new software request and it is used to gather as much information as possible to make sure that an organization has all the facts before making a big purchase. The RFE will normally involve multiple teams within an organization, including the purchasing, project management, and shared service departments.
13. RFE with Red-teaming:
This run book is the first step in the process of creating a new software request and it is used to gather as much information as possible to make sure that an organization has all the facts before making a big purchase. The RFE will normally involve multiple teams within an organization, including the purchasing, project management, and shared service departments.
14. RFP with Red-teaming:
This run book is similar to the change management with red-teaming but is used when a decision-maker would like input from security, compliance or auditing teams before making a new software or hardware purchase. This process would normally start with an RFP to make sure an organization\’s policies are being followed, but could also involve any number of other teams depending on how an organization has set up this runbook within their workflow management system.
15. Big agreement:
This is a runbook that is used in situations where the details of a large purchase (for example, purchasing a piece of hardware or software) need to be discussed before an organization agrees on anything with the vendor .
16. Change Management for Infrastructure Changes:
This run book is used by organizations that have separate change management processes and workflow management systems for infrastructure changes and application changes, and this run book is used for application changes.
17. Change Management for Infrastructure Changes:
This run book is used by organizations that have separate change management processes and workflow management systems for infrastructure changes and application changes, and this runbook is used for infrastructure changes.
18. Compliance Self-Assessment:
This runbook can be customized to cover any number of compliance-related tasks an organization may have, but the main point is to make sure that something is put in place so that security or compliance teams can run through their processes on a regular basis.
19. Vendor Risk Management:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management, and signing the contract.
20. Vendor Risk Management:
When it comes to vendor risk management , this runbook focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract.
21. Vendor Risk Management–Terms & Conditions:
This run book focuses on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management, and signing the contract. It also involves the legal department to review the terms & conditions of a new vendor\’s offer before it is accepted .
22. Vendor Risk Management–Negotiations:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract. It also involves any number of negotiation teams within an organization.
23. Vendor Risk Management–SWOT Analysis:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management, and signing the contract . This run book also includes SWOT analysis of a new vendor to make sure that they are good fit for the organization.
24. Vendor Risk Management–Contract Review:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legal ities are followed, negotiations with the vendor, company contract management , and signing the contract. This run book also includes a legal department review of any contracts to make sure that all terms & conditions have been met by both parties.
25. Vendor Risk Management–Technical Review:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legal ities are followed, negotiations with the vendor, company contract management , and signing the contract. This run book also includes a technical review to ensure that all technical specifications have been met by both parties.
26. Vendor Risk Management-Environment Impact:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract. It also involves technical teams to review an environment impact before a new vendor is accepted.
27. Vendor Risk Management-Vendor On-boarding:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract. This run book also includes vendor on-boarding, which is the process of integrating a new vendor into existing systems.
28. Vendor Risk Management–Vendor Development:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract. It also involves technical teams to review a vendor\’s development plan before new vendors are accepted .
29. Vendor Risk Management–Joint Venture:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract. It also involves legal teams to review a joint venture agreement before any new vendors are accepted .
30. Vendor Risk Management–Vendor Review:
When it comes to vendor risk management, this run book focuses more on due diligence for a new vendor and includes tasks ranging from letter of intent to make sure all legalities are followed, negotiations with the vendor, company contract management , and signing the contract. This run book also includes review by technical teams to ensure that all necessary tests have been performed
Although this list of runbooks is not exhaustive by any means it should give anyone an idea about the different types of workflows that can be put in place for enterprise administration tasks . These runbooks should be analyzed and chosen based on the business requirements of an organization.
