This document template provides a detail guide and sections how to document a system operation manual (Buildbook). A build book is a document that details the procedures for installing equipment, systems, and/or software. It’s frequently considered a companion to a run book, but the build book is commonly used by a different group of admins than a run book (except in small environments, where admin responsibilities often overlap).
Document history
| Version | Modified on | Modified by | Description of Changes |
Contact List
| Name | Role | Contact Data |
| Document owner | ||
Contents
1 Document Information………………………………………………………………………………………………………. 6
1.1 Instructions / Guideline……………………………………………………………………………………………………… 6
2 General Information………………………………………………………………………………………………………….. 7
2.1 Product……………………………………………………………………………………………………………………………. 7
2.2 Product Manager, Contact Person………………………………………………………………………………………. 7
2.3 Subsystems of the Application…………………………………………………………………………………………… 7
2.4 Brief description of the Product………………………………………………………………………………………….. 7
3 Business Impact Assessment……………………………………………………………………………………………… 8
3.1 Business Impact Rating…………………………………………………………………………………………………….. 8
3.2 Business Continuity………………………………………………………………………………………………………….. 8
3.3 Disaster Recovery…………………………………………………………………………………………………………….. 8
4 System Overview……………………………………………………………………………………………………………… 9
4.1 Product Description………………………………………………………………………………………………………….. 9
4.2 Architecture…………………………………………………………………………………………………………………….. 9
4.3 Purpose and Function of the System…………………………………………………………………………………… 9
4.4 Deployed Hardware & Software………………………………………………………………………………………… 9
5 Processes……………………………………………………………………………………………………………………….. 10
5.1 Dependent Processes………………………………………………………………………………………………………. 10
5.2 Processes based on this Product……………………………………………………………………………………….. 10
6 Legal & Regulatory Requirements……………………………………………………………………………………. 11
6.1 Vendor Contracts……………………………………………………………………………………………………………. 11
6.2 Related SLA´s and Services…………………………………………………………………………………………….. 11
6.3 Contact Persons & Call Management………………………………………………………………………………… 11
6.4 Data Privacy…………………………………………………………………………………………………………………… 11
7 System Design and Implementation………………………………………………………………………………….. 12
7.1 Approved Scope of Operation………………………………………………………………………………………….. 12
7.2 Network Plan…………………………………………………………………………………………………………………. 12
7.3 Dependencies…………………………………………………………………………………………………………………. 12
7.4 System Internal Interfaces……………………………………………………………………………………………….. 12
7.5 External Interfaces………………………………………………………………………………………………………….. 12
8 Users and Access……………………………………………………………………………………………………………. 13
8.1 Authentication………………………………………………………………………………………………………………… 13
8.2 User Authorization………………………………………………………………………………………………………….. 13
8.3 User Administration & Access Rights……………………………………………………………………………….. 13
8.4 Configuration…………………………………………………………………………………………………………………. 13
8.5 Roles & Users………………………………………………………………………………………………………………… 13
8.6 Technical Users……………………………………………………………………………………………………………… 13
9 System Operation……………………………………………………………………………………………………………. 14
9.1 Regular Maintenance………………………………………………………………………………………………………. 14
9.2 Updates & Patch-Management…………………………………………………………………………………………. 14
9.3 High Availability……………………………………………………………………………………………………………. 14
9.4 Monitoring & Reporting………………………………………………………………………………………………….. 14
9.5 Logging…………………………………………………………………………………………………………………………. 14
9.6 Backup & Archiving……………………………………………………………………………………………………….. 14
9.7 Troubleshooting……………………………………………………………………………………………………………… 15
9.8 Recovery……………………………………………………………………………………………………………………….. 15
10 References……………………………………………………………………………………………………………………… 16
11 Responsibility Matrix……………………………………………………………………………………………………… 17
Table of Contents
1 Document Information
1.1 Instructions / Guideline
Please provide the information as requested within the following chapters. Please delete the existing instructional texts.
Please also see “xx.”, page xx. as a guideline on who would typically contribute the requested information.
2 General Information
2.1 Product
Product Name: <Vendor, Model, Version>
Approved at: <date>
Approved by: <name>
2.2 Product Manager, Contact Person
Product Manager: <name>
Additional contact person: <name>
External Partners: <company, contact person>
2.3 Subsystems of the Application
Description of subsystems of the application, e.g. realized services based on the system: Intrusion Prevention System as subsystem of a firewall.
2.4 Brief description of the Product
A short overview of the product and its features.
3 Impact Assessment
3.1 Business Impact Rating
[Copy BIA Rating Summary from BIA Assistant (Excel, separate File)]
Sample:
3.2 Business Continuity
If the results from “Business Impact Rating” suggest this system should be explicitly covered by Business Continuity processes, please list references here.
3.3 Disaster Recovery
If the results from “Business Impact Rating” suggest this system should be explicitly covered by dedicated Disaster Recovery processes, please list references here. Also see “Recovery”, page 15.
4 System Overview
4.1 Product Description
Detailed description of the product and its features. Describe possible fields of application.
4.2 Architecture
Describe the architecture of the system, e.g. distribution of the components, separation of management, et cetera. Additionally supply a graphical overview of the architecture (conceptional).
4.3 Purpose and Function of the System
Contrary to the Product Description describe here the concrete operation purpose of the product within the company. What are the desired goals by using this product? What kind of usage is intended? Local, regional or global?
4.4 Deployed Hardware & Software
List all deployed hardware and software (incl. versions).
| Product | (Firmware-)Version |
5 Processes
5.1 Dependent Processes
What processes are required in order to run the system?
5.2 Processes based on this Product
Which business processes (e.g. derived from CHANGE process descriptions) are based on the system or service?
6 Legal & Regulatory Requirements
Are there any legal or regulatory conditions to meet, so that a user is allowed to use the application or service? What processes must be adhered?
6.1 Vendor Contracts
What kind of maintenance contracts, licenses, etc. are in effect?
6.2 Related SLA´s and Services
Describe SLA’s and coherences to other systems.
6.3 Contact Persons & Call Management
Name the persons and contact details, which are responsible for the product or can help in case of emergencies. Insert details how to reach the vendor respectively support engineers of the vendor. Similarly insert a little howto for opening calls at the vendor (e.g. by using the provided support-sites and designated accounts).
6.4 Data Privacy
Are there regulations regarding data privacy which have to be considered for this system? Has the data privacy officer been involved in systems design? Please list references or details regarding data privacy.
7 System Design and Implementation
7.1 Approved Scope of Operation
Which features of the product are approved for usage?
7.2 Network Plan
Insert a detailed network plan. It must be sufficient for people, who know neither the product nor the environment in which it is deployed. Therefore networks and IP-addresses must be available.
7.3 Dependencies
Are there any dependencies, e.g. specific software- or OS-versions, Patch-levels, etc.?
7.4 System Internal Interfaces
What internal communications are there?
| Source | Destination | Protocol | Port(s) | Service | Description |
(please copy this table for additional systems, the communications needs to be listed for each system individually)
7.5 External Interfaces
Which services are reachable by other systems (e.g. Admin-Client needs to connect to the management console)? Describe, to which systems the application must talk, including destinations, protocols and ports (LDAP, NTP, …).
| Source | Destination | Protocol | Port(s) | Service | Description |
(please copy this table for additional systems, the communications needs to be listed for each system individually)
8 Users and Access
8.1 Authentication
What kind of authentication is used? Describe the process and variations, also regarding security issues.
8.2 User Authorization
Describe the authorization technology or link to resp. reference document of standard user authorization.
8.3 User Administration & Access Rights
How does the user administration work? How are access rights assigned? Is there a local or centralized user management?
8.4 Configuration
Insert the complete relevant configuration of the service, application or system, including the initial configuration (e.g. for appliances). Consider that in case of emergency also a person not knowing the product must be able to find and handle the configuration.
Please describe your configuration in a few words, so that the intent of the configuration section is clear.
8.5 Roles & Users
Describe the defined roles and users (e.g. Administrators, Operators, Auditor,…). Are there any restrictions or requirements for some roles (see Legal & regulatory Conditions)?
8.6 Technical Users
Which technical users are defined and what roles do they have? For what and in which way are they used?
9 System Operation
9.1 Regular Maintenance
How is the system normally managed? Are there any regular tasks or cronjobs?
9.2 Updates & Patch-Management
Describe the update- and patch-management (regularity [e.g. pattern-updates], security patches, firmware-updates,…). What prerequisites must be fulfilled? How does the update-process work? If using high availability, describe how to update the cluster (e.g. disable cluster, manual failover, etc.). Also describe a rollback.
9.3 High Availability
In case of a high availability system, describe the HA-mode (e.g. active/passive). Also describe failover mechanism and triggers. Insert a detailed description for triggering a manual failover.
9.4 Monitoring & Reporting
What kind of monitoring is implemented (e.g. network or service reachability, etc.)? Is there any integrity control? What kinds of failures or attacks can be recognized? Are reporting mechanisms used, e.g. for compliant issues?
9.5 Logging
Describe the logging of the product. Where are the logs located (e.g. local, central syslog-server, …)? How long are the logs preserved and are the logs archived? Also describe whether the logs are used for compliance-analysis? What regulations are applied?
9.6 Backup & Archiving
Describe the Backup process. How does it work? What kind of data is backed up? How long is data being archived?
9.7 Troubleshooting
Describe how to do basic troubleshooting. What tools should be used and in what way? How can debug-output be activated? Where are additional logs stored? Are there common errors (errors, which might occur more probably than others)? How can those failures be resolved?
9.8 Recovery
What is to do in case of emergency or failures? Please think about possible scenarios and an according recovery. Is there a fallback-config available? How to reset to factory defaults? What are the default credentials? What to do in case of lost password?
10 References
Links to used references
11 Responsibility Matrix
This matrix shall serve as a guideline to determine who is responsible for providing the information for the various chapters. Please note that these responsibilities may vary slightly depending on the assessed project.
| Business Owner | Corporate IT | |
| Document Information | (on each change) | |
| General Information | ||
| Product | X | |
| Product Manager, Contact Person | X | |
| Subsystems of the Application | X | |
| Brief description of the Product | X | |
| Business Impact Assessment | ||
| Business Impact Rating | X | |
| Business Continuity | c | X |
| Disaster Recovery | c | X |
| System Overview | ||
| Product Description | X | |
| Architecture | c | X |
| Purpose and Function of the System | X | |
| Deployed Hardware & Software | c | X |
| Processes | ||
| Dependent Processes | X | c |
| Processes based on this Product | X | c |
| Legal & Regulatory Requirements | ||
| Vendor Contracts | X | c |
| Related SLA´s and Services | X | c |
| Contact Persons & Call Management | X | c |
| Data Privacy | X | |
| System Design and Implementation | ||
| Approved Scope of Operation | c | X |
| Network Plan | X | |
| Dependencies | X | |
| System Internal Interfaces | X | |
| External Interfaces | X | |
| Users and Access | ||
| Authentication | X | |
| User Authorization | X | |
| User Administration & Access Rights | X | |
| Configuration | X | |
| Roles & Users | X | |
| Technical Users | X | |
| System Operation | ||
| Regular Maintenance | X | |
| Updates & Patch-Management | X | |
| High Availability | X | |
| Monitoring & Reporting | c | X |
| Logging | c | X |
| Backup & Archiving | c | X |
| Troubleshooting | c | X |
| Recovery | c | X |
| References | (all used references) |
X = usually responsible
c = usually contributing
