Contents/Score Card

A list of all the practices in order with an extra column so that you can record where you are up to.

Practice Status
Are User Requests Tracked Via A Ticket System?  
Are “The 3 Empowering Policies” Defined And Published?  
Does The Team Record Monthly Metrics?  
Do You Have A “Policy And Procedure” Wiki?  
Do You Have A Password Safe?  
Is Your Team’s Code Kept In A Source Code Control System?  
Does Your Team Use A Bug-Tracking System For Their Own Code?  
In Bugs/Tickets Does Stability Have A Higher Priority Than New Features?  
Does Your Team Write “Design Docs?”  
Do You Have A “Post-Mortem” Process?  
Does Each Service Have An Opsdoc?  
Does Each Service Have Appropriate Monitoring?  
Do You Have A Pager Rotation Schedule?  
Do You Have Separate Development, Qa, And Production Systems?  
Do Roll-Outs To Many Machines Have A “Canary Process?”  
Do You Use Configuration Management Tools Like Ansible/Puppet/Chef?  
Do Automated Administration Tasks Run Under Role Accounts?  
Do Automated Processes That Generate E-Mail Have Something To Say?  
Is There A Database Of All Machines?  
Is Os Installation Automated?  
Can You Automatically Patch Software Across Your Entire Fleet?  
Do You Have A Pc Refresh Policy?  
Can Your Servers Keep Operating Even If 1 Disk Dies?  
Is The Network Core N+1?  
Are Your Backups Automated?  
Are Your Disaster Recovery Plans Tested Periodically?  
Do Machines In Your Data Center Have Remote Power/Console Access?  
Do all Machines Run Self-Updating, Silent, Anti-Malware Software?  
Do You Have A Written Security Policy?  
Do You Submit To Periodic Security Audits?  
Can A User’s Account Be Disabled On All Systems In 1 Hour?  
Can You Change All Privileged (Root/) Passwords In 1 Hour?