A tribute to the original OpsReportCard.com—now unavailable but still cherished by IT ops teams.
Recreated with 💙 by Stitchflow
The Operations Report Card
32 yes/no habits that separate high- from low-performing IT ops teams
How'd you like to read?
ChecklistFlash Cards
Your Ops Score
Export Results
0%
0Yes
0No
32Yet to answer
A. Public Facing Practices
Q1. Are user requests tracked via a ticket system?
This is so basic it pains me that I have to explain it.
Q2. Are "the 3 empowering policies" defined and published?
There are three public-facing policies you must have if a sysadmin team is going to be able to get any work done.
Q3. Does the team record monthly metrics?
You need to be data-driven when you make decisions or sway upper levels of management.
B. Modern Team Practices
Q4. Do you have a "policy and procedure" wiki?
Your team needs a wiki.
Q5. Do you have a password safe?
This shows you have a mature way to manage passwords.
Q6. Is your team's code kept in a source code control system?
When installing a new machine is an API call, we're all programmers now.
Q7. Does your team use a bug-tracking system for their own code?
Bug-tracking systems are different than ticket systems.
Q8. In your bugs/tickets, does stability have a higher priority than new features?
Adding new features is more fun than fixing bugs.
Q9. Does your team write "design docs?"
Good sysadmin teams "think before they do." On a larger team it is important to communicate what you are about to do, or what you have done.
Q10. Do you have a "post-mortem" process?
After a failure do you write up what happened so you can learn from it or do you just hope nobody notices and that it will all go away?
C. Operational Practices
Q11. Does each service have an OpsDoc?
Your DNS server dies.
Q12. Does each service have appropriate monitoring?
It isn't a service if it isn't monitored.
Q13. Do you have a pager rotation schedule?
Do you have a pager rotation schedule or are you a sucker that is simply on-call forever?
Q14. Do you have separate development, QA, and production systems?
Developers do their work on their development servers.
Q15. Do roll-outs to many machines have a "canary process?"
Suppose you have to roll out a change to 500 machines.
D. Automation Practices
Q16. Do you use configuration management tools like cfengine/puppet/chef?
Config Management (CM) software is a tool that coordinates the configuration of machines.
Q17. Do automated administration tasks run under role accounts?
Often we set up automated procedures that run at predetermined times.
Q18. Do automated processes that generate e-mail only do so when they have something to say?
Do you know the story of "The Boy Who Cried Wolf"?
E. Fleet Management Processes
Q19. Is there a database of all machines?
Every site should know what machines it has.
Q20. Is OS installation automated?
Automated OS installations are faster, more consistent, and let the users do one more task so you don't have to.
Q21. Can you automatically patch software across your entire fleet?
If OS installation is automated then all machines start out the same.
Q22. Do you have a PC refresh policy?
If you don't have a policy about when PC will be replaced, they'll never be replaced.
F. Disaster Preparation Practices
Q23. Can your servers keep operating even if 1 disk dies?
It used to be that if there was one broken component in a computer, you had an outage.
Q24. Is the network core N+1?
An outage for one person is a shame.
Q25. Are your backups automated?
This question assumes you are doing backups.
Q26. Are your disaster recovery plans tested periodically?
The last section was a bit of a lie.
Q27. Do machines in your data center have remote power / console access?
This needs little explanation.
G. Security Practices
Q28. Do Desktops/laptops/servers run self-updating, silent, anti-malware software?
Viruses and malware are a fact of life.
Q29. Do you have a written security policy?
Looking at existing policies is a good way to get ideas.
Q30. Do you submit to periodic security audits?
This needs little explanation.
Q31. Can a user's account be disabled on all systems in 1 hour?
This indicates a lot more about your team and the environment you run than just whether or not you can disable an account.
Q32. Can you change all privileged (root) passwords in 1 hour?
This also indicates a lot more than what the question specifically asks.