Operating procedures (the "how") that implement the policies (the "what
and why"). Each runbook is referenced from at least one policy and from
the Statement of Applicability, so that an auditor can trace a control
from policy → procedure → record.
| Runbook | Implements | Status |
|---|---|---|
| Restore procedure | Backup Policy; A.8.13 | Draft |
| Customer onboarding (planned) | Supplier mgmt; A.5.20 | — |
| Customer offboarding (planned) | GDPR Art. 17, 28; A.5.34, A.8.10 | — |
| Backup configuration (planned) | Backup Policy; A.8.13 | — |
| Ransomware response (planned) | Incident Response Policy; A.5.26 | — |
| Tenant wiki provisioning (planned) | (Internal tooling) | — |