The OpsDesk blog.
Service-desk operations, SLAs, and lifecycle notes for the people who run IT.
- The dashboard is green because the VIPs scream: the quiet accounts breaching SLA in silence The desk hits 97% SLA attainment, but the number is an average. The COO later finds the three strategic accounts that don't escalate loudly are exactly the ones eating most of the breaches, because the desk optimizes for noise.
- The leaver who kept the company data on a personal phone: the offboarding step that wasn't a ticket Offboarding revoked the accounts but never addressed the BYOD device still holding cached mail and files. Months later that data surfaces, and under GDPR the director has to explain why personal devices weren't part of the leaver flow.
- The knowledge base everyone stopped trusting: when stale articles quietly tank first-contact resolution The director funded a knowledge base, but no article has been reviewed in two years. Agents stop using it, escalations climb, and the first-contact resolution rate the director reports as healthy has been falling for months.
- The shared admin account ten engineers use: when 'who made that change' has no answer A change broke production at 3am. The IT manager opens the audit log and every action is attributed to 'admin', shared across the whole team. The post-incident review can't establish who, and the next compliance audit flags it.
- When the audit trail can be edited, your evidence is worth nothing in the dispute A client disputes whether an SLA was met and whether an action was authorized. The manager pulls the ticket history, then realizes agents can edit timestamps and notes, so the 'audit trail' proves nothing in the contractual fight.
- The enterprise RFP you lost because you couldn't evidence your own service-management process The MSP owner pitches great service and loses the deal in procurement, where the buyer's questionnaire asks for documented SLA definitions, escalation matrices, and audit trails. 'We do it, we just don't document it' is a scored zero.
- The employee who changed roles four times and kept every permission: the mover nobody deprovisions Joiners and leavers get attention; movers accumulate. After four internal transfers, one user holds the combined access of every role they ever held, and the access review finds a toxic combination no policy would have approved.
- The same outage every Monday: when you close incidents but never open a problem The desk resolves the recurring ticket fast each time and feels productive, but no one owns the underlying problem. The director sees the same root cause in twelve incidents and asks why it was never fixed once.
- The outage where the fix took twenty minutes and the silence cost the contract Without a defined major-incident process, the service-desk manager has a technical resolution but no commander, no comms cadence, and no stakeholder updates. Clients judge the outage by the silence, not the MTTR.
- The monitoring tool that auto-renewed for another three years while you migrated off it Vendor contracts and their auto-renewal windows live in a finance folder, not the asset register, so the IT manager misses the 90-day notice window and pays for a tool the team stopped using last quarter.
- The unmanaged server no ticket ever touched, until it's the breach's entry point An asset that never made it into the CMDB gets no patch schedule, no owner, and no lifecycle. The director discovers it exists only in the incident report, where it's named as the unpatched box the attacker walked through.
- You have 40,000 tickets and nothing to show the board: when reporting was never designed in The COO asks for ticket trends, first-contact resolution, and SLA attainment by client for the QBR, and the manager spends a weekend in CSV exports because categories were free-text and no report was ever built.
- The new hire who couldn't log in for three days: when joiner provisioning is a manual chain of emails Operations directors obsess over leavers and forget joiners. A manual joiner flow means the new starter sits idle billing nothing for days, and the access eventually granted is over-broad because someone copied a peer's permissions.
- The escalation path that lives in one senior engineer's head, until the night they're on a plane When escalation is tribal knowledge rather than a configured rule, the P1 at 2am sits unrouted because the one person who knew who to call is unreachable. The director learns the escalation matrix was never written down.
- NIS2 quietly gave your MSP a 24-hour incident-reporting clock. Most owners never started it. Since October 2024, MSPs serving essential sectors must file an early warning within 24 hours and a full notification at 72. Owners who treat a breach as an internal firefight miss the regulator's clock, and fines reach €10m or 2% of turnover.
- No asset inventory, then a Microsoft true-up: the half-million-euro bill the IT manager never budgeted Without a CMDB tracking actual deployment, the IT manager has no defense when the vendor audit lands. Median M365 true-up findings run $300k-$500k for a mid-size estate, and over-deployed E5 features are the usual culprit.
- The leaver whose VPN still works six weeks later, until the SOC 2 auditor pulls the timestamps MSP owners pass SOC 2 on the policy and fail on the evidence: the auditor samples three terminated users and asks for timestamped proof access was revoked within hours. One dangling account is an operating-effectiveness exception.
- When every agent sets priority by gut feel, your P1 definition is whatever today's loudest customer says it is Without an enforced impact/urgency matrix, two agents triage identical incidents at P2 and P4, and the director discovers the inconsistency only when a 'minor' ticket turns out to be the outage that took down a key client.
- Your SLA clock starts when the ticket arrives, not when someone acknowledges it. Most managers measure the wrong one. Service-desk managers report green SLA dashboards while customers churn, because the tool measures time-to-acknowledge and the contract measures time-to-resolve. The gap is where the renewal dies.