Standard Operating Procedures¶
Step-by-step procedures for service delivery
Overview¶
SOP library ensuring consistent, repeatable service delivery across all engagements. This directory contains cross-pillar SOPs that apply to all service types.
SOP Inventory by Pillar¶
PROTECT SOPs (11)¶
| SOP | Purpose | Location |
|---|---|---|
| hipaa-gap-sop.md | HIPAA compliance gap assessment | protect/ |
| soc2-gap-sop.md | SOC 2 readiness assessment | protect/ |
| iso27001-gap-sop.md | ISO 27001 certification readiness | protect/ |
| nist-csf-sop.md | NIST CSF maturity assessment | protect/ |
| cmmc-sop.md | CMMC readiness assessment | protect/ |
| pci-dss-sop.md | PCI DSS compliance assessment | protect/ |
| risk-assessment-sop.md | Security risk assessment | protect/ |
| pentest-sop.md | Penetration testing | protect/ |
| security-policy-sop.md | Security policy development | protect/ |
| security-training-sop.md | Security awareness training | protect/ |
| incident-response-sop.md | Incident response | protect/ |
PLAN SOPs (6)¶
| SOP | Purpose | Location |
|---|---|---|
| vcto-vciso-engagement-sop.md | vCTO/vCISO delivery framework | plan/ |
| it-strategy-sop.md | IT strategy development | plan/ |
| tech-roadmap-sop.md | Technology roadmapping | plan/ |
| budget-optimization-sop.md | IT budget optimization | plan/ |
| vendor-selection-sop.md | Technology vendor selection | plan/ |
| ma-due-diligence-sop.md | M&A technology due diligence | plan/ |
OPERATE SOPs (6)¶
| SOP | Purpose | Location |
|---|---|---|
| managed-soc-sop.md | Managed SOC operations | operate/ |
| edr-management-sop.md | EDR management | operate/ |
| vulnerability-management-sop.md | Vulnerability management | operate/ |
| helpdesk-sop.md | Help desk operations | operate/ |
| network-ops-sop.md | Network operations | operate/ |
| cloud-ops-sop.md | Cloud operations (AWS/Azure/GCP) | operate/ |
INNOVATE SOPs (4)¶
| SOP | Purpose | Location |
|---|---|---|
| cloud-migration-sop.md | Cloud migration | innovate/ |
| automation-sop.md | Process automation | innovate/ |
| ai-implementation-sop.md | AI/ML implementation | innovate/ |
| digital-workplace-sop.md | Digital workplace transformation | innovate/ |
Cross-Pillar SOPs (6)¶
These SOPs apply to all engagement types and ensure consistent delivery across service pillars:
| SOP | Purpose | Location |
|---|---|---|
| engagement-kickoff-sop.md | Starting any engagement | sops/ |
| status-reporting-sop.md | Client communication cadence | sops/ |
| deliverable-review-sop.md | Multi-stage peer review process | sops/ |
| engagement-closeout-sop.md | Closing engagements with knowledge transfer | sops/ |
| time-tracking-sop.md | Billing, time capture, budget management | sops/ |
| client-escalation-sop.md | Issue escalation and resolution path | sops/ |
Cross-Pillar SOP Integration¶
┌─────────────────────────────────────────────────────────────────┐
│ ENGAGEMENT LIFECYCLE │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ KICKOFF │ ──→ │ DELIVERY │ ──→ │ CLOSEOUT │ │
│ │ (Gate G1) │ │ (Gates G2-4)│ │ (Gate G5) │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │
│ ↓ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ CONTINUOUS PROCESSES │ │
│ ├─────────────────────────────────────────────────────────┤ │
│ │ Status Reporting │ Time Tracking │ Escalation Mgmt │ │
│ │ (Weekly/Monthly) │ (Daily) │ (As Needed) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ↓ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ QUALITY PROCESSES │ │
│ ├─────────────────────────────────────────────────────────┤ │
│ │ Deliverable Review (Self → Peer → Tech → QA) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
Quality Gates Across SOPs¶
| Gate | Stage | Primary SOP | Validation |
|---|---|---|---|
| G1 | Engagement Start | Engagement Kickoff | Charter signed, RACI defined |
| G2 | Discovery Complete | Pillar-specific SOP | Requirements validated |
| G3 | Deliverable Ready | Deliverable Review | Peer review complete |
| G4 | Client Review | Status Reporting | Client feedback incorporated |
| G5 | Engagement Complete | Engagement Closeout | Sign-off received |
SOP Template¶
# [Service] Standard Operating Procedure
> [Brief description of the service]
**Service Pillar**: [Protect/Plan/Operate/Innovate]
**Service Category**: [Category]
**Engagement Type**: [Project-based/Ongoing Monthly Retainer/As-needed]
**Related Pricing**: See [Pricing & Positioning](../../00-foundation/brand/pricing-positioning.md)
---
## Service Overview
### Purpose
[Why this service exists and what problem it solves]
### Target Personas
| Persona | Primary Pain Point | Value Case |
|---------|-------------------|------------|
| [Persona](../../00-foundation/value-cases/persona.md) | Pain point | Value delivered |
### Business Justification
| Metric | Value | Source |
|--------|-------|--------|
| Metric | Value | [Source Name](URL) |
---
## Pricing Reference
| Project Type | [INTERNAL] Target | [EXTERNAL] Sales Language | Timeline |
|--------------|-------------------|---------------------------|----------|
| Assessment | $X,000-$Y,000 | Starting at $X,000 | X weeks |
**[BENCHMARK] Industry Pricing**:
- Benchmark 1 ([Source](URL))
- Benchmark 2 ([Source](URL))
---
## Pre-Engagement
### Discovery Checklist
- [ ] Requirement 1
- [ ] Requirement 2
---
## Service Delivery Framework
### Lifecycle Diagram
---
## Operational Procedures
### Phase 1: [Phase Name]
| Activity | Duration | Deliverable |
|----------|----------|-------------|
| Activity | Duration | Deliverable |
---
## Deliverables
| Deliverable | Format | Description |
|-------------|--------|-------------|
| Deliverable | Format | Description |
---
## Success Metrics
| Metric | Target | Measurement |
|--------|--------|-------------|
| Metric | Target | How measured |
---
## Quality Assurance
### Quality Gates
| Gate | Criteria | Approval |
|------|----------|----------|
| Gate | Criteria | Who approves |
---
## Integration with Other Services
| Service | Integration | Value |
|---------|-------------|-------|
| [Service](./service-sop.md) | How integrated | Value delivered |
---
## Related Services
| Service | Connection | SOP Reference |
|---------|------------|---------------|
| Service | Connection | [sop.md](./sop.md) |
---
## Evidence Base
### Why This Approach Works
| Principle | Evidence | Source |
|-----------|----------|--------|
| Principle | Evidence | [Source](URL) |
---
## References
- [Reference 1](URL)
- [Reference 2](URL)
---
*Last Updated: [Month Year]*
*Version: 1.0*
SOP Maintenance¶
| Activity | Frequency | Owner |
|---|---|---|
| Accuracy review | Quarterly | Service leads |
| Template update | Semi-annual | QA |
| New SOP creation | As needed | Service leads |
| Retirement | As needed | Leadership |
SOP Standards¶
Required Sections¶
All SOPs must include: - Service Overview with business justification - Pricing Reference with industry benchmarks - Pre-Engagement checklist - Service Delivery Framework with lifecycle - Operational Procedures - Deliverables - Success Metrics - Quality Gates - Integration with Other Services - Evidence Base with citations
Citation Requirements¶
All SOPs must include: - Industry benchmark sources for pricing - Research citations for business justification - Framework references (NIST, ISO, etc. where applicable) - Related SBK documents via relative links
Related Documents¶
Cross-Pillar Template Integration¶
Cross-pillar SOPs integrate with the following templates for consistent branding and execution:
| Template | Location | Used By |
|---|---|---|
| Weekly Status Report | 14-templates/reports | Status Reporting SOP |
| Monthly Executive Report | 14-templates/reports | Status Reporting SOP |
| QBR Presentation | 14-templates/presentations | Status Reporting SOP |
| Self-Review Checklist | 14-templates/documents | Deliverable Review SOP |
| Peer Review Checklist | 14-templates/documents | Deliverable Review SOP |
| QA Review Checklist | 14-templates/documents | Deliverable Review SOP |
| Client Sign-Off Form | 14-templates/documents | Engagement Closeout SOP |
| Lessons Learned Template | 14-templates/documents | Engagement Closeout SOP |
| Knowledge Transfer Checklist | 14-templates/documents | Engagement Closeout SOP |
| Kickoff Agenda Template | 14-templates/documents | Engagement Kickoff SOP |
| Project Charter Template | 14-templates/documents | Engagement Kickoff SOP |
| Escalation Log Template | 14-templates/documents | Client Escalation SOP |
| Escalation Communication | 14-templates/emails | Client Escalation SOP |
Brand Integration¶
All cross-pillar templates follow: - Visual Identity: Brand Assets - Voice & Tone: Brand Voice - Logo Usage: Visual Identity - Document Standards: 14-templates Standards
Last Updated: February 2026 Total Pillar SOPs: 27 Total Cross-Pillar SOPs: 6 Total SOPs: 33