Operate (Managed Services)
Managed services SOPs for ongoing security, cloud, and support operations
Overview
Standard operating procedures for the OPERATE pillar, covering ongoing managed security, cloud operations, vulnerability management, and IT support services.
Services
SOP Inventory
| SOP |
Purpose |
Pricing Reference |
| managed-soc-sop.md |
24/7 security monitoring and incident response |
$2,000-$5,000/month |
| edr-management-sop.md |
Endpoint detection and response management |
$1,500-$3,500/month |
| vulnerability-management-sop.md |
Continuous vulnerability scanning and remediation |
$1,500-$4,000/month |
| helpdesk-sop.md |
IT help desk and user support |
$1,500-$4,000/month |
| network-ops-sop.md |
Network monitoring and management |
$1,500-$4,000/month |
| cloud-ops-sop.md |
Cloud infrastructure management (AWS/Azure/GCP) |
$2,000-$5,000/month |
Service Delivery Framework
Managed Services Model
┌─────────────────────────────────────────────────────────────────┐
│ MANAGED SERVICES MODEL │
├─────────────────────────────────────────────────────────────────┤
│ │
│ CONTINUOUS OPERATIONS │
│ ├── 24/7 monitoring and alerting │
│ ├── Incident detection and triage │
│ ├── Automated response and remediation │
│ ├── Escalation to specialists │
│ └── Documentation and reporting │
│ │
│ DAILY OPERATIONS │
│ ├── Alert review and triage │
│ ├── Ticket processing and resolution │
│ ├── System health checks │
│ └── Communication with clients │
│ │
│ WEEKLY OPERATIONS │
│ ├── Performance review and trending │
│ ├── Security posture assessment │
│ ├── Capacity planning │
│ └── Proactive maintenance │
│ │
│ MONTHLY OPERATIONS │
│ ├── Executive reporting │
│ ├── Service review meetings │
│ ├── Optimization recommendations │
│ └── SLA performance analysis │
│ │
│ QUARTERLY OPERATIONS │
│ ├── Business review (QBR) │
│ ├── Strategic recommendations │
│ ├── Technology refresh planning │
│ └── Process improvement initiatives │
│ │
└─────────────────────────────────────────────────────────────────┘
Security Operations Center (SOC)
SOC Operations
├── SIEM monitoring and log analysis
├── Threat detection and intelligence
├── Incident triage and escalation
├── Threat hunting and investigation
├── Monthly security reports
└── Quarterly security reviews
Vulnerability Management Cycle
Monthly Cycle
├── Automated vulnerability scanning
├── Risk-based prioritization (CVSS + context)
├── Remediation guidance and tracking
├── Verification scanning
└── Progress reporting
SLA Commitments
Response Time SLAs
| Severity |
Description |
Response Time |
Resolution Target |
| Critical |
Service outage, security breach |
15 minutes |
2 hours |
| High |
Degraded performance, significant impact |
1 hour |
4 hours |
| Medium |
Minor impact, workaround available |
4 hours |
24 hours |
| Low |
Minimal impact, enhancement request |
24 hours |
72 hours |
Availability SLAs
| Service |
Target Uptime |
Measurement |
| SOC Monitoring |
99.99% |
Monthly |
| Help Desk |
99.9% |
Monthly |
| Cloud Infrastructure |
99.9%+ |
Monthly |
| Network Operations |
99.9% |
Monthly |
Reporting Cadence
| Report |
Frequency |
Audience |
Content |
| Security Dashboard |
Real-time |
IT team |
Current threat status |
| Incident Summary |
Weekly |
IT Director |
Incidents, tickets, trends |
| Executive Summary |
Monthly |
Leadership |
KPIs, recommendations |
| Compliance Status |
Monthly |
Compliance team |
Audit evidence, gaps |
| Strategic Review |
Quarterly |
Executive team |
Performance, roadmap |
Success Metrics
| Metric |
Target |
Measurement |
| Mean Time to Detect (MTTD) |
<5 minutes |
Monitoring systems |
| Mean Time to Respond (MTTR) |
<15 minutes |
Incident tracking |
| SLA Compliance |
99%+ |
SLA reporting |
| Client Satisfaction |
4.5+/5.0 |
Quarterly survey |
| Ticket First-Contact Resolution |
70%+ |
Help desk metrics |
| Cost Savings Delivered |
20-40% |
Cost tracking |
Target Personas
Integration with Other Services
Last Updated: February 2026
SOPs: 6