9.01 Implement best practices with documentation and support systems information management

Introduction 

Imagine you're the conductor of a large orchestra, with each musician playing a different instrument. To create harmony, every musician needs to follow the same sheet of music, and you need to know exactly how each section contributes to the performance. In IT, documentation and support systems work the same way—they keep everything running smoothly and in sync.

This lesson will guide you through the best practices of documentation, asset management, and support systems, helping you understand how these tools can prevent chaos, solve problems quickly, and assist others in making the most of their technology. By mastering these skills, you'll become the go-to person for creating efficiency and harmony in your organization.

Introduction to Standard Operating Procedures (SOPs) 

In any organization, employees must know how to use computers and network services securely and responsibly. To ensure this, clear, written policies and procedures must be established. These documents guide staff in their roles and ensure they follow best practices. 

Key Definitions 

  • Policy: A broad statement that outlines the organization's goals and expectations. 

  • Standard Operating Procedure (SOP): A step-by-step list of actions required to complete a specific task in compliance with the organization's policies. 

  • Guidelines: Provide advice when a situation hasn’t been fully assessed or is too complex for a standard procedure. Guidelines may also explain when it is appropriate to deviate from a specified procedure. 

Examples of SOPs 

SOPs ensure consistent, secure processes within IT systems. Here are some typical examples of where SOPs are used: 

1. Custom Software Installation Procedures 

When installing software, specific steps ensure system integrity and compliance. These steps include: 

  • Verifying system requirements: Confirming the system can support the software. 

  • Validating the installation source: Ensuring the software is downloaded from a trusted source. 

  • Confirming license validity: Checking the software’s license is legitimate and up to date. 

  • Adding software to change control and monitoring: Including the software in the organization’s tracking system for updates and changes. 

  • Developing support and training documentation: Creating user guides and training materials for employees. 

2. New-User Setup Checklist 

For new employees or those changing roles, an SOP ensures secure and efficient onboarding. Key steps include: 

  • Enrollment with secure credentials: Assigning usernames and passwords. 

  • Device allocation: Providing the necessary hardware. 

  • Permission allocation: Granting access to systems and resources based on job role. 

  • Assignment to security groups: Adding the user to security groups that match their responsibilities. 

3. End-User Termination Checklist 

For employees who leave or change roles, an offboarding SOP secures the organization’s systems and data. Key steps include: 

  • Returning and sanitizing devices: Collecting company equipment and wiping data if necessary. 

  • Releasing software licenses: Revoking licenses linked to the employee. 

  • Disabling account permissions: Removing access to company systems and security groups. 

Introduction to Ticketing Systems 

A ticketing system is a tool used to manage and track support requests, incidents, and problems. These systems can be utilized for both internal end-users (within an organization) and external customers. Ticketing systems help organize, prioritize, and resolve issues efficiently. 

Ticket Management Process 

The basic process for handling tickets includes the following steps: 

1. User Contact: The user submits a support request through various channels, such as phone, email, or directly via the ticketing system. 

2. Ticket Creation: A unique job ticket ID is generated, and an agent is assigned to the ticket. 

3. Information Capture: The ticket includes details such as: 

a. User Information: Name, contact details, department, or job role. The system may link to an employee database or CRM system. 

b. Device Information: If applicable, the system records details about the user’s device, often using a service tag or asset ID to link to inventory records. 

4. Issue Description: The user provides a description of the problem. The agent may ask clarifying questions to ensure the problem is well-understood. 

5. Categorization and Urgency: The agent categorizes the ticket, assesses how urgent it is, and estimates the time required to resolve the issue. 

6. Initial Troubleshooting: The agent attempts to guide the user through basic troubleshooting. If unsuccessful, the ticket is escalated to deskside support or a senior technician. 

Ticket Categories 

Ticket categories and subcategories help group related issues, making it easier to assign them to the right technician or support team. They also help with reporting and analysis. 

Basic Ticket Types 

  1. Requests: These are for tasks with a standard operating procedure (SOP), such as setting up new user accounts, purchasing hardware/software, or deploying servers. More complex tasks that don’t fit established procedures should be treated as projects. 

  2. Incidents: Unexpected errors or problems encountered by users. Incidents are often categorized by severity (e.g., minor, major, critical). 

  3. Problems: These are the underlying causes of incidents. A problem ticket is often created when multiple incidents of the same type occur, and it requires deeper analysis and potential reconfiguration. 

Simplified Categories for End-Users 

End-users may not easily differentiate between incidents and problems. To streamline the process, simple top-level categories can be created for user selection, such as: 

  • New Device Request 

  • New App Request 

  • Employee Onboarding 

  • Employee Offboarding 

  • Help/Support 

  • Security Incident 

Once the ticket is assigned to a technician, more detailed subcategories can be added for reporting and analysis. 

Ticket Severity 

Severity levels help prioritize tickets based on the impact and urgency of the issue. These levels should remain simple to avoid confusion: 

  1. Critical: Incidents with widespread effects or involving potential/actual data breaches. 

  2. Major: Incidents affecting a limited group or involving a suspected security issue. 

  3. Minor: Incidents with little impact on operations or users. 

In systems managing a high volume of tickets, additional levels may be required to further prioritize issues. Severity levels can also trigger automatic notifications to senior technicians or managers for critical and major incidents. 

Additional Tools for Ticket Organization 

Keyword Tags: Some systems allow tickets to be tagged with keywords. This flexible system allows better organization but relies on technicians tagging tickets accurately. 

By categorizing tickets and assigning severity levels, ticketing systems help streamline support and improve efficiency across an organization. 

Ticket Management Process 

Once an incident or problem ticket is opened, the troubleshooting process begins. The system must continuously track the ownership (who is handling the ticket) and the status (what has been done). Each stage of this process requires clear communication, and tickets may pass through different escalation routes to ensure resolution. 

Escalation Levels in Ticket Management 

Escalation happens when an agent cannot resolve a ticket. Here are common reasons for escalation: 

  • The issue needs analysis by senior technicians or a third-party service. 

  • The ticket’s severity has increased, requiring the involvement of higher-level decision-makers. 

  • The issue requires input from other departments, such as sales or marketing for service complaints or refunds. 

Support teams are typically organized into tiers to streamline the escalation process: 

  • Tier 0: Self-service options, such as knowledge bases or help bots, are available to help customers resolve issues on their own. 

  • Tier 1: Customers are connected with an agent for initial diagnosis and resolution. 

  • Tier 2: If the issue remains unresolved, the agent escalates the ticket to senior technicians (Tier 2 Internal) or third-party support (Tier 2 External). 

  • Tier 3: The ticket is escalated to development or engineering teams, or to senior managers, for more complex problem-solving. 

Each ticket must have a clear owner, who is responsible for managing it and ensuring timely resolution. If the ticket is escalated, ownership may be reassigned. Regardless, the current owner must keep the ticket moving forward and update the user on its status. 

Clear Written Communication in Ticketing 

Good communication is essential throughout the ticket life cycle. Ticket systems usually include free-form text fields to document each stage of the process. These fields include: 

  • Problem Description: The initial request, including all relevant details provided at the time. 

  • Progress Notes: Updates on diagnostics, the identification of possible causes, and any troubleshooting steps taken. 

  • Problem Resolution: The final steps taken to resolve the issue, including testing to confirm the system is fully functional. This field also records user acceptance that the ticket can be closed. 

It's important that other agents, technicians, or managers who view the ticket can easily understand the issue and what has been done so far. This makes clear and concise written communication essential.

  • Clear: Use plain language, avoiding technical jargon unless necessary. 

  • Concise: Keep the writing brief, using short sentences and only including essential facts and actions. 

Incident Reports 

For critical and major incidents, a detailed incident report (also known as an After-Action Report or AAR) may be needed. These reports gather feedback from users, technicians, managers, and stakeholders to identify the root causes of the incident. The purpose is to suggest remediation steps or preventive measures to avoid future issues of the same kind. 

Key elements of an incident report include: 

  • Analyzing the underlying causes of the problem. 

  • Recommending steps to mitigate the risk of the issue recurring. 

Introduction to Asset Identification and Inventory 

Asset management is the process of tracking hardware and software resources to implement life-cycle procedures, such as provisioning, maintenance, and decommissioning. It is essential for an organization to keep an inventory of both tangible and intangible assets to ensure proper management of IT services. 

Tangible and Intangible Assets 

  • Tangible Assets: These include hardware components currently in use, as well as spare systems and parts kept for backup in case of system or component failure. 

  • Intangible Assets: These include software licenses and data assets, such as intellectual property (IP) and other critical digital resources. 

Asset Management Database Systems 

To manage and track assets efficiently, organizations use asset-management database systems. These systems store important details for each asset, such as: 

  • Type, model, serial number 

  • Asset ID 

  • Location and assigned user(s) 

  • Value and service information 

Advanced inventory management suites can scan the network and retrieve hardware and software data automatically, helping keep records up-to-date and accurate. 

Asset Tags and IDs 

Each asset needs a unique identifier (ID) to be properly tracked in the inventory database. The physical hardware must be tagged with this ID, either through: 

  • Barcodes: Simple labels that can be scanned for quick identification. 

  • RFID (Radio Frequency ID) tags: RFID chips that are programmed with asset information. When within range of a scanner, the RFID tag powers up and sends its data to the scanner, allowing for tracking of the asset’s location. 

This system improves asset tracking and can help reduce theft by monitoring the location of devices. 

Network Topology Diagrams 

A network topology diagram shows how assets are interconnected as nodes in the network. These diagrams are useful for understanding both physical and logical relationships between assets. 

Physical Network Topology:

This diagram shows the layout of cables, wall ports, patch panels, and switch/router ports. It details how devices are physically connected. 

Logical Network Topology:

This diagram represents how the network is structured in terms of security zones, virtual LANs (VLANs), and IP subnets. 

To avoid clutter, it is recommended to create separate diagrams for physical and logical topologies. Too much detail in one diagram can reduce clarity. 

Tools for Diagramming and Mapping 

  • Manual Tools: Tools like Microsoft Visio are commonly used to manually draw network diagrams. 

  • Automated Tools: Software such as SolarWinds Network Topology Mapper (NTM) can automatically compile topology diagrams based on network scans, making the process more efficient. 

By using asset identification systems, inventory management tools, and network topology diagrams, organizations can ensure that their IT infrastructure is effectively tracked and maintained. 

Introduction to Asset Documentation 

Asset documentation is essential for managing the entire lifecycle of hardware and software. This includes tracking how assets are approved, purchased, deployed, maintained, and eventually disposed of. Proper documentation helps ensure that all stages of the asset’s life cycle are carefully managed, from procurement to disposal. 

Asset Procurement Life Cycle 

The asset procurement life cycle involves several key stages, ensuring assets are managed efficiently and securely: 

  1. Change Procedures: Approves the request for a new or upgraded asset, considering the impacts on business operations, the network, and existing devices. 

  2. Procurement: Establishes a budget and selects a trusted supplier or vendor to purchase the asset. 

  3. Deployment: Outlines procedures for securely installing and configuring the asset. 

  4. Maintenance: Implements processes for monitoring, supporting, and maintaining the asset throughout its life cycle. 

  5. Disposal: Ensures proper sanitization of any data on the asset before reuse, sale, donation, recycling, or destruction. 

Warranty and Licensing 

Each asset record should include documentation related to its purchase, such as: 

  • Invoices and warranty/support contracts, including contact information for support. 

  • For software, details about licensing, including the number of allocated devices or users and any limitations. 

Assigned Users 

Assets may be assigned to individuals or groups within an organization: 

  • Individual Users: Workstations, laptops, smartphones, tablets, and software licenses might be assigned to a specific user account. 

  • Security Groups: Assets may be allocated to groups based on departments or job roles, especially in shared-use environments. For instance, shared equipment like servers, routers, and switches might be assigned to specific technicians or groups responsible for their management. This practice helps improve security by avoiding the use of shared default administrator accounts. 

Support Documentation and Knowledge Base Articles 

Linking assets to appropriate support documentation improves troubleshooting and maintenance: 

  • Product Documentation: Each asset should be linked to its setup guide, secure configuration template, and any relevant deployment checklists. 

  • Cross-Reference with Ticket Systems: By connecting the asset inventory with the ticket system, it is possible to analyze incidents and problems associated with specific assets. This allows agents to view the history of tickets related to each asset, which helps with troubleshooting and reporting. 

Knowledge Base (KB) Integration 

A knowledge base (KB) is a collection of articles that provide solutions to frequently asked questions (FAQs) and document common troubleshooting procedures. Cross-referencing the inventory with the internal KB helps technicians and users access self-service support. 

  • Tagging Assets with KB Articles: Each asset in the inventory can be linked to relevant KB articles to assist with troubleshooting. 

  • External Knowledge Resources: The asset notes field can link to external sources like blog posts, forum discussions, or articles related to asset support. It is important to evaluate the legitimacy of external sources, considering the author’s credentials and the accuracy of the content. 

By maintaining comprehensive asset documentation, organizations can ensure that assets are well-managed throughout their lifecycle, improving efficiency, security, and troubleshooting. 

Policy Documentation: Acceptable Use Policy (AUP) 

An Acceptable Use Policy (AUP) outlines the rules and guidelines for how individuals can use specific services or resources. It sets clear boundaries for what is considered acceptable use, whether for employees in a business environment or customers using services like Internet access. 

Purpose of an Acceptable Use Policy (AUP) 

AUPs are designed to protect organizations from security risks and legal issues that may arise from misuse of equipment or services. They establish the conditions under which resources like company networks, email systems, and Internet access can be used, ensuring that these resources are used in a manner that aligns with company policies and legal regulations. 

Examples of AUP Implementation 

  1. Business Context: An organization may use an AUP to govern how employees can use company-provided tools and services, such as phones, computers, or Internet access. The policy may specify when and how these resources can be used for personal activities or during non-working hours. 

  2. ISP Context: An Internet Service Provider (ISP) might enforce a Fair Use Policy, limiting how much bandwidth a customer can use to prevent abuse and ensure fair distribution of resources among all customers. 

Common Elements of an AUP 

An organization's AUP typically includes the following restrictions: 

  • Prohibited Activities: Misuse of company equipment for illegal activities, such as fraud, defamation, or accessing illegal content. 

  • Unauthorized Installations: Prohibits the installation of unauthorized hardware or software, which can introduce security risks. 

  • Intrusion Prevention: Explicitly forbids attempts to hack or snoop on the company's network or data. 

  • Usage Restrictions: Limits personal use of company resources, such as Internet browsing or using social media, to break times or work-related activities. 

Enforcing an AUP 

Enforcing an AUP ensures compliance and helps maintain security. To do this, organizations may use various tools and methods, such as: 

  • Regulatory Compliance: Implementing regulatory controls to meet legal and industry requirements. 

  • Login Splash Screens: Displaying reminders or notifications about data handling policies, security requirements, or other compliance-related instructions when users log into workstations or applications. 

By clearly defining what is and isn’t acceptable, an AUP helps protect both the organization and its employees from potential risks associated with improper use of IT resources. 

Summary 

This lesson on best practices for documentation and support systems shows how essential it is to have clear, structured procedures in place to manage IT resources effectively. By understanding key concepts like Standard Operating Procedures (SOPs), ticketing systems, and asset management, you’ll be able to create organized, secure, and efficient IT environments. These practices not only ensure smooth operations but also empower you to solve problems, support your team, and provide reliable service. Keep these principles in mind, and you’ll be ready to tackle challenges with confidence!