Operational Documentation Standards
Template and evidence standards for corporate-grade SOPs (SOX/ITGC mindset): precise, reproducible, auditable.
Status: Planned
Scope / Objective
- Scope: Standards for SOP/runbook structure, evidence capture, validation, rollback, and change logs.
- Objective: Ensure any operator can reproduce changes and provide audit-ready evidence.
Dependencies / Preconditions
- Approved storage location for evidence packs (e.g.,
Documents\MTINFRA-EvidencePack) - Standardized naming convention (
EV-*) - Operator access to system consoles and admin portals being documented
Change plan
- Define scope/objective and identify risk (what could break).
- Capture pre-change baseline evidence.
- Execute change steps with expected results and failure modes.
- Perform validation using at least 3 independent methods.
- Capture post-change evidence, hash file-based evidence.
- Document rollback/backout and final state.
Implementation steps
1) Required sections per runbook
- Scope / Objective
- Dependencies / Preconditions
- Change plan
- Implementation steps (Action, Rationale, Expected Result, Evidence, Failure Modes)
- Validation (exact commands + interpretation)
- Rollback plan
- Evidence pack checklist
- Final state
2) Evidence standards
- Prefer files: JSON/TXT exports over screenshots where possible.
- One screenshot per objective: Avoid “one checkbox = one screenshot.”
- Hash file evidence: Produce SHA256 hashes for JSON evidence outputs.
- Do not invent values: Use exact record values/targets/keys as provided by systems of record.
3) Evidence naming convention
EV-<category>-<sequence>-<short-description>.<ext>
Examples:
EV-01-NS-DoH.json
EV-CF-04-DeploymentSuccess.png
EV-GH-30-PR-Merged.png
EV-00-Hashes-SHA256.txt
Validation (with exact commands)
Standard DoH JSON capture pattern (PowerShell)
$name = "example.com"
$type = "NS"
$BasePath = "$env:USERPROFILE\Documents\MTINFRA-EvidencePack"
$r = Invoke-RestMethod -Uri ("https://cloudflare-dns.com/dns-query?name=$name&type=$type") -Headers @{ accept="application/dns-json" }
$r | ConvertTo-Json -Depth 10 | Out-File (Join-Path $BasePath "EV-XX-DoH.json") -Encoding utf8
Hashing standard (SHA256)
$BasePath="$env:USERPROFILE\Documents\MTINFRA-EvidencePack"
Get-ChildItem $BasePath -Filter "*.json" |
ForEach-Object { Get-FileHash $_.FullName -Algorithm SHA256 } |
Out-File (Join-Path $BasePath "EV-00-Hashes-SHA256.txt") -Encoding utf8
Rollback plan
- Every runbook must include a rollback with explicit steps and the exact objects to remove/restore.
- Rollback must specify what evidence proves rollback completed successfully.
- Rollback should avoid destructive actions against non-target systems (e.g., do not remove email records when rolling back web changes).
Evidence pack checklist
| Item | Requirement |
|---|---|
| Pre-change baseline | At least one independent snapshot proving starting state |
| Implementation proof | Evidence that changes were applied (UI + file artifacts) |
| Validation | 3 independent methods (UI, external checks, functional test) |
| Integrity | SHA256 hashes for file-based evidence |
| Change log | Date, implementer, summary, ticket/CRQ if applicable |
Final state
Runbooks are considered “complete” only when:
- All required sections are present
- Commands are copy/paste runnable (with placeholders clearly marked)
- Evidence artifacts exist and are referenced in the checklist
- Rollback steps are explicit and tested at least once (where safe)