Managed Services - Runbook Catalogue
Index of runbook stubs for the current Managed Services. Effective Sep 2025. Version v2.0
About this catalogue
These runbook stubs outline scope, SOPs, SLAs or SLOs, KPIs, escalation, and evidence steps for each Managed Service. They are designed to be client accessible guidelines/reference and audit friendly. Per client/service, the live runbooks will expand with specific details, but the structure remains consistent.
Runbooks
| Service | Scope summary | Key SLO examples | Evidence examples |
|---|---|---|---|
| Tenant Care (M365) | CA and MFA hygiene, DLP and labels, sharing governance, OAuth and inbox rule hygiene. | Ack 30m, weekly CA drift review | Monthly SLA and SLO report, KQL evidence |
| Endpoint Care | Patch rings, EDR policy hygiene, configuration drift control. | Patch Critical 7d, High 14d | Patch compliance by ring, EDR coverage |
| Backup and Recovery (Managed) | Immutability, job health, restore drills, retention compliance. | Immutability 100 percent; quarterly restores | Restore success with achieved RTO and RPO |
| Identity and Access Operations | Joiner mover leaver, privileged access, CA templates, break glass oversight. | JML in window; monthly PA reviews | Break glass test, orphaned account MTTR |
| Network Security Management | Firewall rules, segmentation or Zero Trust, SWG or SASE policy upkeep. | Planned change windows; policy drift weekly | Policy violations trend; config backup currency |
| Managed Cloud | Landing zone guardrails, cost controls, tagging and compliance signals. | Guardrail violations triaged in 2 days | Cost variance, tag coverage |
| Safe Web and DNS (Managed) | Web and DNS filtering, categories and allowlists, egress policy hygiene. | Category updates monthly or as needed | Blocked threat rate; false positive handling |
| Vulnerability and Patch Management | Scanning coverage, exceptions register, cadence and compliance. | Critical remediation per policy window | Exposure window and coverage |
| Email and Domain Protection (Managed) | DMARC SPF DKIM alignment, inbound filtering, abuse handling. | DMARC alignment at p=quarantine or reject | Spoof or abuse rate; phish catch rate |
| Cloud Spend Guardrails (Managed) | Budgets and alerts, rightsizing, waste reduction tracking. | Budget alerts in 1 business day | Savings realised; idle resources |
| Managed Infrastructure | Server or storage baselines, capacity, patching, backup integration. | Patch and backup windows maintained | Capacity headroom; assets protected |
| Managed Network | Device health, config backups, change windows, performance thresholds. | Availability SLO per device | Latency and errors; config drift MTTR |
| CAB as a Service | Change calendar, records, rehearsal, rollback validation, approvals. | 100 percent complete change records | Failed change rate; unplanned outage attribution |
| PMaaS | Programme cadence, RAID, dependencies, benefits tracking. | On time status cadence; RAID hygiene | Milestone adherence; dependency risk |