This document provides a template to describe how a system’s running environment looks like and how a system is running. A runbook is a set of standardized documents, references and procedures that explain common recurring IT tasks.
Table of Contents
Environment Name: <name
Approved at: <date>
Approved by: <name>
1.2 Contact Persons
Contact (Architecture): <name>
Contact (Operation): <name>
Additional contact person: <name>
External Partners: <company, contact person>
1.3 Brief description of the Environment
[Mandatory] A short overview of the environment and its purpose.
2.1 Security Requirements
[Mandatory] The security requirements of an environment are derived from the potential damage that can occur if the confidentiality, integrity or availability of the environment or data processed is affected.
2.2 Immaterial Damage
[Mandatory] Please classify the potential immaterial damage with respect to confidentiality, integrity and availability.
|Immaterial Damage||no damage||minor||major||high|
System unavailable for…
2.3 Material/Financial Damage
[Mandatory] Please classify the potential material damage with respect to confidentiality, integrity and availability.
System unavailable for…
3.1 Description of the Environment
[Mandatory] Detailed description of the Environment.
[Mandatory] Describe the architecture of the environment, e.g. segments and components. Additionally supply a graphical overview of the architecture (conceptional).
3.3 Purpose and Function of the System
[Mandatory] Contrary to the Product Description describe here the concrete operation purpose of the product within the company. What are the desired goals by using this product? What kind of usage is intended? Local, regional or global?
4.1 Network Plan
[Mandatory] Insert a detailed network plan (for each environment if necessary, e.g. Munich, London, etc.). It must be sufficient for people, who don’t know the environment. Therefore networks and IP-addresses must be available.
4.2 Deployed Products
[Mandatory] List of deployed products within the environment.
4.3 Access Control
[If applicable] What is to do in order to gain access to the segment? What kind of authentication/authorization is used? Describe the process and variations, also regarding security issues.
4.4 User Administration & Access Rights
[If applicable] How does the user administration work? How are access rights assigned? Is there a local or centralized user management?
[Mandatory] In what way is the environment monitored? What events are logged?
[Mandatory] Describe the configuration of the core components and insert a template if applicable.
What processes are required or based on the environment?
6.1 Related SLA´s and Services
[Mandatory] Describe SLA’s and coherences to other systems.
6.2 Contact Persons & Call Management
[Mandatory] Name the persons and contact details, which are responsible for the product or can help in case of emergencies. Insert details how to reach the vendor respectively support engineers of the vendor. Similarly insert a little howto for opening calls at the vendor (e.g. by using the provided support-sites and designated accounts).
[If applicable] Links to used references