Service Delivery¶
SOPs and delivery standards organized by service pillar
Overview¶
Standard operating procedures (SOPs) for delivering SBK's four service pillars: Protect, Plan, Operate, and Innovate. Includes quality assurance frameworks and delivery standards.
Total SOPs: 27 pillar-specific + 6 cross-pillar = 33 SOPs
Structure¶
07-service-delivery/
├── protect/ # Security & Compliance SOPs (11)
├── plan/ # Strategic Advisory SOPs (6)
├── operate/ # Managed Services SOPs (6)
├── innovate/ # Digital Transformation SOPs (4)
├── quality-assurance/ # QA frameworks and checklists
└── sops/ # Cross-pillar standard procedures
Service Pillars¶
protect/ — Security & Compliance (11 SOPs)¶
SOPs for compliance and security services.
| Service | SOP | Typical Duration | Deliverable |
|---|---|---|---|
| HIPAA Gap Assessment | hipaa-gap-sop.md | 2-3 weeks | Gap analysis report |
| SOC 2 Readiness | soc2-gap-sop.md | 3-4 weeks | Gap analysis, roadmap |
| ISO 27001 Gap Assessment | iso27001-gap-sop.md | 3-4 weeks | Control gap analysis |
| NIST CSF Assessment | nist-csf-sop.md | 2-3 weeks | Maturity assessment |
| CMMC Readiness | cmmc-sop.md | 4-6 weeks | Readiness report |
| PCI DSS Assessment | pci-dss-sop.md | 3-4 weeks | Compliance gap analysis |
| Risk Assessment | risk-assessment-sop.md | 2-4 weeks | Risk register, treatment plan |
| Penetration Testing | pentest-sop.md | 1-2 weeks | Findings report, remediation |
| Security Policy Development | security-policy-sop.md | 4-8 weeks | Policy framework |
| Security Awareness | security-training-sop.md | Ongoing | Training, phishing metrics |
| Incident Response | incident-response-sop.md | As needed | IR report, lessons learned |
Compliance Frameworks Covered: HIPAA, SOC 2, ISO 27001, NIST CSF, CMMC, PCI DSS
plan/ — Strategic Advisory (6 SOPs)¶
SOPs for strategic IT advisory services.
| Service | SOP | Typical Duration | Deliverable |
|---|---|---|---|
| vCTO/vCISO Engagement | vcto-vciso-engagement-sop.md | Ongoing monthly | Strategic guidance |
| IT Strategy Development | it-strategy-sop.md | 4-6 weeks | Strategic roadmap |
| Technology Roadmapping | tech-roadmap-sop.md | 3-4 weeks | 3-5 year roadmap |
| Budget Optimization | budget-optimization-sop.md | 2-3 weeks | Cost reduction plan |
| Vendor Selection | vendor-selection-sop.md | 2-4 weeks | Vendor scorecard |
| M&A Due Diligence | ma-due-diligence-sop.md | 2-4 weeks | Due diligence report |
operate/ — Managed Services (6 SOPs)¶
SOPs for ongoing managed operations.
| Service | SOP | Engagement Type | Deliverable |
|---|---|---|---|
| Managed SOC | managed-soc-sop.md | Ongoing | Security monitoring |
| EDR Management | edr-management-sop.md | Ongoing | Endpoint protection |
| Vulnerability Management | vulnerability-management-sop.md | Ongoing | Scan reports, tracking |
| Help Desk | helpdesk-sop.md | Ongoing | SLA reports, metrics |
| Network Operations | network-ops-sop.md | Ongoing | Uptime, incident logs |
| Cloud Operations | cloud-ops-sop.md | Ongoing | Availability, cost tracking |
innovate/ — Digital Transformation (4 SOPs)¶
SOPs for transformation initiatives.
| Service | SOP | Typical Duration | Deliverable |
|---|---|---|---|
| Cloud Migration | cloud-migration-sop.md | 2-6 months | Migration plan, execution |
| Process Automation | automation-sop.md | 1-3 months | Automated workflows |
| AI/ML Implementation | ai-implementation-sop.md | 2-6 months | Deployed AI solutions |
| Digital Workplace | digital-workplace-sop.md | 1-4 months | Collaboration platform |
Quality Assurance¶
quality-assurance/¶
Quality control frameworks and checklists.
QA Framework:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ PLAN │ → │ EXECUTE │ → │ CHECK │ → │ IMPROVE │
│ Define scope│ │ Follow SOP │ │ QA review │ │ Document │
│ Set metrics │ │ Track time │ │ Client sign │ │ Update SOP │
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
Quality Gates: | Gate | Checkpoint | Owner | |------|------------|-------| | G1 | Scope confirmed, resources assigned | Project lead | | G2 | Mid-engagement progress review | Delivery manager | | G3 | Deliverable peer review | Senior consultant | | G4 | Client review and sign-off | Account manager | | G5 | Lessons learned captured | Project lead |
sops/¶
Cross-pillar standard procedures applicable to all engagements. See SOPs Overview for complete documentation.
Cross-Pillar SOPs (6):
| SOP | Purpose | Key Templates |
|---|---|---|
| Engagement Kickoff | Starting any engagement | Kickoff Agenda, Project Charter, RACI |
| Status Reporting | Client communication cadence | Weekly Status, Monthly Executive, QBR |
| Deliverable Review | Multi-stage peer review process | Self-Review, Peer Review, QA Checklists |
| Engagement Closeout | Closing engagements with knowledge transfer | Sign-Off Form, Lessons Learned |
| Time Tracking | Billing, time capture, budget management | Budget Status Report |
| Client Escalation | Issue escalation and resolution path | Escalation Log, Email Templates |
Integration: - Templates: 14-templates/ — Documents, Reports, Emails - Brand: 00-foundation/brand/ — Visual Identity, Voice
Delivery Metrics¶
| Metric | Target | Frequency |
|---|---|---|
| Client Satisfaction (CSAT) | 4.5+ / 5.0 | Per engagement |
| On-Time Delivery | 95%+ | Monthly |
| Budget Adherence | ±10% | Per engagement |
| First-Time Audit Pass | 90%+ | Per audit |
| Utilization Rate | 75-85% | Weekly |
| Deliverable Rework Rate | <5% | Monthly |
SOP Cross-References¶
By Target Persona¶
| Persona | Recommended SOPs |
|---|---|
| Solo IT Director | vCTO, Managed SOC, Cloud Ops, Help Desk |
| CFO/Controller | Budget Optimization, Risk Assessment, Cloud Migration |
| CTO/VP Engineering | IT Strategy, Cloud Migration, AI Implementation |
| Healthcare Admin | HIPAA Gap, Security Training, Incident Response |
| Managing Partner | SOC 2, Risk Assessment, Security Policy |
By Engagement Type¶
| Type | SOPs |
|---|---|
| Assessment | All gap assessments, Risk Assessment, Readiness assessments |
| Project | Cloud Migration, Automation, AI Implementation, Digital Workplace |
| Retainer | vCTO/vCISO, Managed SOC, Cloud Ops, Help Desk |
Skills Integration¶
Primary Skill: Strategic Business Planning¶
The strategic-business-planning skill supports service delivery operations.
Invoke: Load when creating SOPs, delivery frameworks, or engagement planning.
Key Subskills:
- @operations-digital-twin.md — Economics simulation, delivery optimization
- @risk-assessment.md — Risk identification for engagements, mitigation planning
- @gtm-strategy.md — Service packaging, positioning
CLI Commands:
# Digital twin for service economics
sbp digital-twin --init --mrr 150000 --customers 25
sbp digital-twin --scenario "add_customers 5 15000"
sbp digital-twin --what-if "utilization_rate 0.80"
# Risk assessment for engagements
sbp risk add --category delivery --likelihood 2 --impact 3
sbp risk list --severity high
sbp risk matrix --output engagement-risks.png
SDK Integration¶
from sbp.sdk.core import MonteCarloEngine
from sbp.sdk.orchestration import (
DurableContext, durable_handler,
CronScheduler, AlertManager, AlertRule
)
# Service delivery workflow with durable execution
@durable_handler
async def engagement_workflow(ctx: DurableContext, engagement_id: str):
# Each step survives failures
kickoff = await ctx.call(execute_kickoff, engagement_id)
for milestone in kickoff.milestones:
deliverable = await ctx.call(execute_milestone, milestone)
await ctx.call(qa_review, deliverable)
await ctx.call(client_review, deliverable)
return await ctx.call(closeout_engagement, engagement_id)
# SLA monitoring with alerts
alert_manager = AlertManager()
alert_manager.add_rule(AlertRule(
condition=AlertCondition(
metric="ticket_response_time_hours",
threshold=4,
operator="gt"
),
escalation=EscalationPolicy(
levels=[
("email", "support_team", timedelta(minutes=0)),
("slack", "delivery_manager", timedelta(hours=1)),
]
)
))
# Utilization simulation
engine = MonteCarloEngine(
assumptions={
"billable_hours": (140, 120, 160),
"available_hours": (176, 0.05),
},
months=12
)
results = engine.run_simulation(n_simulations=5000)
utilization_forecast = results.percentile(50)
Subskills Reference¶
| Subskill | Purpose | Template |
|---|---|---|
@operations-digital-twin.md |
Service economics simulation | — |
@risk-assessment.md |
Engagement risk management | risk-register-template.md |
@gtm-strategy.md |
Service positioning | content-calendar-template.md |
@financial-modeling.md |
Profitability analysis | unit-economics-template.md |
Related Documents¶
- Cross-Pillar SOPs
- Onboarding
- Playbooks
- Templates
- Document Templates
- Report Templates
- Email Templates
- Contracts & Legal
- Pricing & Positioning
- Brand Guidelines
- Visual Identity
Last Updated: February 2026 Total Pillar SOPs: 27 Total Cross-Pillar SOPs: 6 Total SOPs: 33