Every data center needs to define its policies, procedures, and operational processes. Technical details regarding application installation and
configuration, as well as notification and escalation matrices are typically included in this documentation. However, the ideal set of documentation goes beyond these items and includes a wide range of other topics. Here's a list of the top 10 areas to include in your data center's standard operating procedures manuals.
- Change Control. In addition to defining the formal change control process, include a
roster of change control board members and forms for change control requests, plans and logs.
- Facilities. Injury prevention program information is a good idea, as well as
documentation regarding power and cooling emergency shut off processes; fire suppression system
information; unsafe condition reporting forms; new employee safety training information, logs and
attendance records; illness or injury reporting forms; and visitor policies.
- Human Resources. Policies regarding technology training are an ideal item to include, as
well as acceptable use policies, working hours and shift schedules, workplace violence policies.
employee emergency contact update forms, vacation schedules, and anti-harassment and discrimination
- Security. This is a critical area for most organizations. Ensuring that all staff has
access to and understands the security policies of your organization is half the battle. Items to
include here are policies regarding the following: third-party or customer system access; security
violations; auditing; classification of sensitive resources; confidentiality; physical security;
passwords; information control; encryption; and system access controls.
- Templates. Providing templates for regularly used documentation types makes it easier to
get the data you need captured accurately and in a format familiar to your organization's staff.
Templates you might consider include policies, processes, logs, user guides and test/ report forms.
- Crisis Management. Having a crisis response scripted out in advance goes a long way
toward reducing the stress of a bad situation. Items you may wish to include in the crisis
management documentation are the following: crisis definitions; roster of crisis response team
members; crisis planning processed; escalation and notification matrix; crisis checklist;
guidelines for communications; situation update forms, policies, and processes; and post-mortem
processes and policies.
- Deployment. Instituting repeatable processes are the key to speedy and successful
deployments. Provide your staff with? activation checklists, installation procedures, deployment
plans, location of server baseline loads or images, revision history of past loads or images and
activation testing processes.
- Materials Management. Controlling your inventory of equipment is an important task.
Consider including these items in your organization's documentation library: policies governing
requesting, ordering, receiving and use of equipment for testing; procedures for handling, storing,
inventorying, and securing hardware and software; and forms for requesting and borrowing hardware
- Internal communications. Interactions with other divisions and departments within your
organization may be straightforward, but it is almost always helpful to provide a contact list of
all employees in each department, with their work phone numbers and e-mail addresses. In addition
to this, it may be helpful to provide a list of services and functions provided by each department,
and scenarios in which it may be necessary to contact these other departments for assistance.
- Engineering Standards. How new technology is tested, reviewed and implemented in a data center is an important activity for every organization. Consider adding these items to your organization's standard operating procedures manuals: New technology request forms; technology evaluation forms and reports; descriptions of standards; testing processes; standards review and change processes; and test equipment policies.
This was first published in March 2006