System Environment Document Template v0.1 (Runbook)

This document provides a template to describe how a system’s running environment looks like and how a system is running. A runbook is a set of standardized documents, references and procedures that explain common recurring IT tasks.

Table of Contents

1 General Information. 2

1.1 Environment 2

1.2 Contact Persons. 2

1.3 Brief description of the Environment 2

2 Summary of Security Requirements. 3

2.1 Security Requirements. 3

2.2 Immaterial Damage. 3

2.3 Material/Financial Damage. 3

3 System Overview.. 4

3.1 Description of the Environment 4

3.2 Architecture. 4

3.3 Purpose and Function of the System.. 4

4 System Design and Implementation. 4

4.1 Network Plan. 4

4.2 Deployed Products. 4

4.3 Access Control 4

4.4 User Administration & Access Rights. 5

4.5 Monitoring & Logging. 5

4.6 Configuration. 5

5 Processes. 5

6 System Operation. 5

6.1 Related SLA´s and Services. 5

6.2 Contact Persons & Call Management 5

7 References. 6

1 General Information

1.1 Environment

[Mandatory]

Environment Name:                <name
Approved at:                     <date>
Approved by:                     <name>

1.2 Contact Persons

[Mandatory]

Contact (Architecture):          <name>
Contact (Operation):             <name>
Additional contact person:       <name>
External Partners:               <company, contact person>

1.3 Brief description of the Environment

[Mandatory] A short overview of the environment and its purpose.

2 Summary of Security Requirements

2.1 Security Requirements

[Mandatory] The security requirements of an environment are derived from the potential damage that can occur if the confidentiality, integrity or availability of the environment or data processed is affected.

Objective no damage minor major high
confidentiality X      
integrity   X    
availability   X    

2.2 Immaterial Damage

[Mandatory] Please classify the potential immaterial damage with respect to confidentiality, integrity and availability.

Immaterial Damage no damage minor major high
confidentiality X      
integrity   X    
availability
System unavailable for
10 min X      
1 hour X      
6 hours   X    
1 day     X  
1 week       X

2.3 Material/Financial Damage

[Mandatory] Please classify the potential material damage with respect to confidentiality, integrity and availability.

Damage (EURO) 0-50T 50-200T 200T-1mio >1mio
confidentiality X      
integrity   X    
availability
System unavailable for
10 min X      
1 hour X      
6 hours X      
1 day X      
1 week X      

3 System Overview

3.1 Description of the Environment

[Mandatory] Detailed description of the Environment.

3.2 Architecture

[Mandatory] Describe the architecture of the environment, e.g. segments and components. Additionally supply a graphical overview of the architecture (conceptional).

3.3 Purpose and Function of the System

[Mandatory] Contrary to the Product Description describe here the concrete operation purpose of the product within the company. What are the desired goals by using this product? What kind of usage is intended? Local, regional or global?

4 System Design and Implementation

4.1 Network Plan

[Mandatory] Insert a detailed network plan (for each environment if necessary, e.g. Munich, London, etc.). It must be sufficient for people, who don’t know the environment. Therefore networks and IP-addresses must be available.

4.2 Deployed Products

[Mandatory] List of deployed products within the environment.

4.3 Access Control

[If applicable] What is to do in order to gain access to the segment? What kind of authentication/authorization is used? Describe the process and variations, also regarding security issues.

4.4 User Administration & Access Rights

[If applicable] How does the user administration work? How are access rights assigned? Is there a local or centralized user management?

4.5 Monitoring & Logging

[Mandatory] In what way is the environment monitored? What events are logged?

4.6 Configuration

[Mandatory] Describe the configuration of the core components and insert a template if applicable.

5 Processes

What processes are required or based on the environment?

6 System Operation

6.1 Related SLA´s and Services

[Mandatory] Describe SLA’s and coherences to other systems.

6.2 Contact Persons & Call Management

[Mandatory] Name the persons and contact details, which are responsible for the product or can help in case of emergencies. Insert details how to reach the vendor respectively support engineers of the vendor. Similarly insert a little howto for opening calls at the vendor (e.g. by using the provided support-sites and designated accounts).

7 References

[If applicable] Links to used references

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: