IT Helpdesk Playbook
This IT Helpdesk Playbook, prepared by Alex Arda Akyuz, M.S., for CyberFX Secure (a division of SecureLearn), serves as a comprehensive guide for standardizing technical support operations.
Below is a summary of the core sections and protocols detailed in the document:
1. Mission and Service Level Agreements (SLAs)
The helpdesk's mission is to provide fast, professional support to minimize downtime and ensure a secure digital environment. Support is structured into three tiers, each with defined hours, alongside priority-based response targets:
- Tier 1: General support available Monday–Friday, 7:00 AM–6:00 PM.
- Tier 2: Technical escalation available Monday–Friday, 8:00 AM–5:00 PM.
- Emergency: Critical support available 24/7/365 via an on-call rotation.
- Response Targets: P1 (Critical) incidents require a 15-minute response and a 2-hour resolution target.
2. Incident Management Workflow
Every request follows a six-stage lifecycle: Intake, Triage, Assign, Work, Resolve, and Close.
- Categorization: Tickets are sorted into categories such as Access & Identity, Hardware, and Security Incidents.
- Mandatory Fields: Tickets must include reporter details, device information, business impact, and steps already attempted.
- Security Priority: Any ticket involving data exposure or malware must be tagged as a Security Incident immediately, regardless of its perceived severity.
3. Standard Operating Procedures (SOPs)
The playbook provides step-by-step instructions for common IT tasks:
- Account Provisioning: Outlines creating Active Directory accounts using the [FirstInitial][LastName] naming convention and enforcing MFA.
- Hardware Troubleshooting: Focuses on physical connection checks, remote diagnosis, and updating the asset inventory.
- VPN Management: Covers installation for new users and troubleshooting steps for connectivity or MFA issues.
- Password Resets: Requires identity verification using two factors before delivering temporary credentials via a secure channel.
4. Escalation and Communication
- Escalation Matrix: Tickets must be escalated if an SLA breach is expected within 30 minutes, if the issue affects more than five users, or if Tier 1 cannot determine a root cause within two hours.
- Templates: The document provides standardized templates for initial acknowledgments, status updates, resolution notifications, and major incident staff communications.
5. Knowledge Base (KB) and Performance Metrics
- Knowledge Management: A new KB article is required if an issue occurs more than twice in 30 days or when new systems are deployed.
- Performance Tracking: Success is measured through several Key Performance Indicators (KPIs), including First Contact Resolution (target >75%), Customer Satisfaction (>90%), and SLA Compliance (>95%).