> ## Documentation Index
> Fetch the complete documentation index at: https://unko.design/llms.txt
> Use this file to discover all available pages before exploring further.

# Operations Strand

> How work gets done internally

***

# Operations Strand – The Internal Execution OS

**Your strategy is only as real as your operations.**

The **Operations Strand** defines **how the company actually works every day**:

* how people are coordinated,
* how work moves from idea to shipped,
* how incidents are handled,
* how vendors, security, finance, and people systems stay in sync.

If Product is *what* you build and Tech is *how* it runs,\
***Operations is how it all moves together without chaos***.

***

## 🧪 Workshop Meta – How to Design the Operations Strand

**Framework version:** `operations-strand-v1.0`

**Templates this strand covers**

* Operational Purpose
* Org Structure
* Rituals & Cadences
* Cross-Functional Collaboration
* Execution Systems
* Release & Deployment Process
* Internal Communication
* Incident Management
* Vendor & Partner Operations
* Security & Compliance Operations
* People Ops & HR Operations
* Finance & Legal Ops
* Risk & Decision Frameworks

**Who should be in the room**

* COO & operations leadership
* Product & engineering leaders
* HR / People
* Legal & security
* Finance / BizOps

**Facilitation notes**

* Start from **real workflows**:
  * incident response,
  * shipping new features,
  * onboarding employees,
  * fiscal planning.
* This strand defines **how the company actually works every day** —\
  think of it as the **OS of internal execution**.

***

## 🎯 Purpose & Role – Why Operations Exists

**Guiding question**

> *Why does Operations exist?*

**Core answer**

Operations ensures the company runs **predictably, safely, and efficiently**.\
It coordinates **people, processes, tools, and decision structures** so the company can **scale without chaos**.

Operations is the **connective tissue** synchronizing:

* product,
* engineering,
* sales,
* customer success,
* finance,
* people,
* security.

**Objectives**

* Create processes that **scale with the company**, not against it.
* Remove friction from **cross-functional work**.
* Ensure **predictable shipping, reliability, and support**.
* Protect the company via **compliance, security, and risk management**.
* Maintain **operational clarity** as the org grows.

***

## 🏛 Org Structure – How Operations Is Shaped

**Guiding question**

> *How is the operational organization structured?*

### Product Operations

**Responsibilities**

* Roadmap coordination.
* Product launch readiness.
* User feedback systems.
* Cross-functional alignment.

***

### Engineering Operations (EngOps)

**Responsibilities**

* Developer productivity.
* CI/CD & tooling.
* On-call processes.
* Infrastructure coordination.
* Incident response frameworks.

***

### Customer Operations (CustOps)

**Responsibilities**

* Support systems.
* Service workflows.
* Customer health and adoption.

***

### Security Operations (SecOps)

**Responsibilities**

* Threat detection.
* Compliance enforcement.
* Access management.
* Security incident response.

***

### Revenue Operations (RevOps)

**Responsibilities**

* Sales forecasting.
* Pipeline health.
* Billing & monetization systems.

***

### People Operations (PeopleOps)

**Responsibilities**

* Hiring systems.
* Onboarding.
* Career frameworks.
* Compensation modeling.

***

### Business Operations (BizOps)

**Responsibilities**

* Strategic analysis.
* Goal planning.
* Cross-company prioritization.

<info>
  Each Ops function is a **subsystem in the Execution OS**.\
  Clarity on **who owns what** prevents “everyone kind of owns it” — which means *no one* does.
</info>

***

## ⏰ Operational Rituals – The Cadence of the Company

**Weekly**

* Team stand-ups.
* Cross-functional syncs (product + eng + design).
* Incident review meetings.
* Support + product friction reviews.
* Goal progress updates.

**Monthly**

* Roadmap review.
* Business health metrics.
* Customer insights analysis.
* Security review.
* Recruiting pipeline review.

**Quarterly**

* Company-wide OKR review.
* Planning for next quarter.
* Budget & resource allocation.
* Technical debt prioritization.
* Compliance & audit check-ins.

***

## 🤝 Cross-Functional Collaboration – How Work Actually Moves

**Guiding question**

> *How do teams collaborate effectively?*

### Systems

* Shared **Slack channels** for each initiative.
* Slack Connect for **external partners**.
* Asana / Jira for **project management**.
* Google Workspace for documents.
* Centralized **internal wiki** for knowledge.

### Rules

* **One owner** per initiative, many collaborators.
* Decisions documented in **Slack channels or internal wiki**.
* Cross-functional leads meet weekly during **high-impact launches**.
* **Slack-first communication** before meetings.

### Anti-patterns

* Multiple owners.
* Decision-making inside **private DMs**.
* Undocumented cross-team agreements.
* “Shadow” processes outside shared tools.

<warning>
  If decisions live in **DMs and people’s heads**,\
  you don’t have collaboration — you have **operational dark matter**.
</warning>

***

## 🚀 Execution Systems – How Ideas Become Shipped Reality

**Product development framework:**\
**Modified dual-track agile** – continuous discovery + continuous delivery.

### Core Tools

* Jira for engineering execution.
* Figma for design.
* Slack for alignment + async debate.
* GitHub for code reviews and version control.

### Stages of Work

1. Problem definition
2. Design exploration
3. Technical scoping
4. Implementation
5. Testing
6. Launch readiness
7. Release
8. Post-release monitoring

### Definition of Done

A change is only “done” when:

* Meets acceptance criteria.
* Passes **accessibility checks**.
* Docs are updated.
* Support is ready (macros, known issues).
* Logs + metrics **instrumented**.
* **Feature flags** exist.
* Incident alerting **configured**.

***

## 🚢 Release & Deployment – How Shipping Works

### Pipeline

1. **Commit → CI → Automated tests**.
2. Staging environment → QA.
3. **Gradual rollout via feature flags**.
4. Monitoring + rollback capability.
5. Full deployment after **stability confirmation**.

### Principles

* Small, **frequent releases** reduce risk.
* Feature flags for all **user-facing changes**.
* Automated tests prevent regressions.
* Rollback must be **instant and safe**.

### Responsibilities

* **Product**
  * Owns definition, acceptance criteria, launch messaging.
* **Engineering**
  * Owns quality, deployment, monitoring.
* **Support**
  * Prepared with macros, scripts, troubleshooting guides.

***

## 💬 Internal Communication – How Information Flows

### Channels

* Company-wide announcements channel.
* Team channels with **weekly summaries**.
* Project-specific channels.
* Docs in internal wiki.
* Async updates via **Slack canvases**.

### Principles

* Document decisions in **public channels**, not private chat.
* Over-communicate during **high-risk / high-impact** projects.
* **Summaries** over raw message floods.
* **Async-first** – meetings only when truly needed.

***

## 🚨 Incident Management – How You Handle “Oh Shit” Moments

### Incident Severity Levels

* **SEV0** — complete outage or security breach.
* **SEV1** — severe degradation.
* **SEV2** — functional but impaired.
* **SEV3** — minor impact.

### Response Process

1. On-call engineer **paged automatically**.
2. Incident **lead + scribe** assigned.
3. Dedicated Slack incident channel created.
4. Status page updated (if needed).
5. Customer communication via **predefined templates**.
6. Root-cause analysis within **48 hours**.

### Post-incident Practices

* **Blameless postmortems**.
* Actionable follow-up tasks.
* Engineering retro.
* Documentation updates.

<info>
  Incidents are **tuition payments** to reality.\
  The Operations Strand decides whether you **learn from them** or just **survive them**.
</info>

***

## 🤝 Vendor & Partner Operations – Your External Dependencies

### Critical Vendors

* Cloud providers.
* CI/CD services.
* Security scanning tools.
* Observability platforms.
* Support ticketing systems.
* Payment processors.

### Vendor Management Practices

* Annual reviews.
* Security questionnaires.
* SLA monitoring.
* Cost optimization.
* Compliance audits.

***

## 🔐 Security & Compliance Operations – Guardrails by Design

### Responsibilities

* Access management (SSO, role-based access).
* Pen tests and vulnerability management.
* Privacy reviews of new features.
* Compliance audits (SOC2, ISO, FedRAMP, etc.).
* Data residency enforcement.
* Security training for employees.

### Principles

* Security embedded **early** in development.
* Privileged access reviewed **weekly**.
* **Zero-trust** network assumptions.
* **Data minimization** wherever possible.

***

## 🧑‍🤝‍🧑 People Operations – How Humans Enter, Grow, and Stay

### Hiring Process

1. Role definition.
2. Structured interviews.
3. Skill evaluation.
4. Values & collaboration assessment.
5. Offer approval.
6. Onboarding checklist.

### Onboarding

* Slack workspace setup.
* Tooling access.
* Team introductions.
* Role-specific training.
* First-week goals.

### Performance Management

* Quarterly reviews.
* Career ladders.
* Compensation cycles.
* Promotion criteria.
* Performance improvement processes.

### Culture Principles

* Empathy.
* Courtesy.
* Craftsmanship.
* Playfulness without distraction.
* Transparent communication.

***

## 💸 Finance & Legal Ops – How the Company Stays Sane on Money & Risk

### Finance

* Budget planning.
* Cost control.
* Scenario modeling.
* SaaS vendor consolidation.
* Revenue forecasting.
* Expense approvals.

### Legal

* Contract review.
* Regulatory compliance.
* Data processing agreements.
* Risk management.
* IP protection.
* Vendor security terms.

***

## ⚖️ Risk & Decision Frameworks – How Decisions Are Made Safely

### Decision-Making

* **RACI** for major initiatives.
* Written docs for all decisions **above medium risk**.
* Async-first decisions with **clear deadlines**.
* Escalate when blocked for **> 48 hours**.

### Risk Types

* Technical risk.
* Operational risk.
* Security risk.
* Legal / compliance risk.
* Reputational risk.

### Risk Controls

* Checklists for **major launches**.
* Performance / load testing pre-release.
* Security reviews pre-launch.
* Runbooks for **outage scenarios**.

***

## 🧙‍♂️ Operations Archetype – Who Ops “Is” as a Character

**Guiding question**

> *What character best represents Operations?*

* **Primary archetype:** **Architect**
* **Secondary archetype:** **Orchestrator**

**Rationale**

> Operations designs the **invisible structures** and keeps all moving parts synchronized,\
> ensuring **stability and clarity** as the company scales.

***

## 🧩 How to Use This Operations Strand in Practice

1. **Map your current reality**
   * Track a feature from **idea → shipped → incident → improvement**.
   * Track an incident from **alert → RCA → follow-up**.
2. **Document your rituals & responsibilities**
   * Make every recurring meeting have a **clear purpose**.
   * Map each Ops function to **explicit responsibilities**.
3. **Codify your execution + incident playbooks**
   * Turn your real-world workflows into **stages and checklists**.
   * Ensure “Definition of Done” includes **support, metrics, risk**.
4. **Wire in security, people, finance, legal**
   * Make sure major launches **touch all four** where relevant.
   * Build shared checklists and **sign-off gates**.
5. **Review quarterly**
   * Treat Operations as a **product**:
     * reduce friction,
     * remove waste,
     * improve clarity.

***

```json theme={null}
{
  "operations_strand": {
    "workshop_meta": {
      "framework_version": "operations-strand-v1.0",
      "source_templates": [
        "Operational Purpose",
        "Org Structure",
        "Rituals & Cadences",
        "Cross-Functional Collaboration",
        "Execution Systems",
        "Release & Deployment Process",
        "Internal Communication",
        "Incident Management",
        "Vendor & Partner Operations",
        "Security & Compliance Operations",
        "People Ops & HR Operations",
        "Finance & Legal Ops",
        "Risk & Decision Frameworks"
      ],
      "facilitation_notes": [
        "Run with COO, operations leadership, product, engineering, HR, legal, security.",
        "Start with real workflows: incident response, shipping new features, onboarding employees, fiscal planning.",
        "This JSON defines *how the company actually works every day* — the OS of internal execution."
      ]
    },

    "purpose_and_role": {
      "question": "Why does Operations exist?",
      "answer": "Operations ensures that Slack runs predictably, safely, and efficiently. It coordinates people, processes, tools, and decision-making structures so the company can scale without chaos. Operations is the connective tissue that synchronizes product, engineering, sales, success, finance, people, and security.",
      "objectives": [
        "Create processes that scale with the company.",
        "Remove friction from cross-functional work.",
        "Ensure predictable shipping, reliability, and support.",
        "Protect the company through compliance, security, and risk management.",
        "Maintain operational clarity as the organization grows."
      ]
    },

    "org_structure": {
      "question": "How is the operational organization structured?",
      "departments": [
        {
          "name": "Product Operations",
          "responsibilities": [
            "Roadmap coordination",
            "Product launch readiness",
            "User feedback systems",
            "Cross-functional alignment"
          ]
        },
        {
          "name": "Engineering Operations (EngOps)",
          "responsibilities": [
            "Developer productivity",
            "CI/CD & tooling",
            "On-call processes",
            "Infrastructure coordination",
            "Incident response frameworks"
          ]
        },
        {
          "name": "Customer Operations (CustOps)",
          "responsibilities": [
            "Support systems",
            "Service workflows",
            "Customer health and adoption"
          ]
        },
        {
          "name": "Security Operations (SecOps)",
          "responsibilities": [
            "Threat detection",
            "Compliance enforcement",
            "Access management",
            "Security incident response"
          ]
        },
        {
          "name": "Revenue Operations (RevOps)",
          "responsibilities": [
            "Sales forecasting",
            "Pipeline health",
            "Billing + monetization systems"
          ]
        },
        {
          "name": "People Operations (PeopleOps)",
          "responsibilities": [
            "Hiring systems",
            "Onboarding",
            "Career frameworks",
            "Compensation modeling"
          ]
        },
        {
          "name": "Business Operations (BizOps)",
          "responsibilities": [
            "Strategic analysis",
            "Goal planning",
            "Cross-company prioritization"
          ]
        }
      ]
    },

    "operational_rituals": {
      "weekly": [
        "Team stand-ups",
        "Cross-functional syncs (product + eng + design)",
        "Incident review meetings",
        "Support + product friction reviews",
        "Goal progress updates"
      ],
      "monthly": [
        "Roadmap review",
        "Business health metrics",
        "Customer insights analysis",
        "Security review",
        "Recruiting pipeline review"
      ],
      "quarterly": [
        "Company-wide OKR review",
        "Planning for next quarter",
        "Budget & resource allocation",
        "Technical debt prioritization",
        "Compliance & audit check-ins"
      ]
    },

    "cross_functional_collaboration": {
      "question": "How do teams collaborate effectively?",
      "systems": [
        "Shared Slack channels for each initiative",
        "Slack Connect for external partners",
        "Asana/Jira for project management",
        "Google Workspace for documents",
        "Centralized internal wiki for knowledge"
      ],
      "rules": [
        "One owner per initiative, many collaborators.",
        "Decisions documented in Slack channels or internal wiki.",
        "Cross-functional leads meet weekly during high-impact launches.",
        "Slack-first communication before meetings."
      ],
      "anti_patterns": [
        "Multiple owners",
        "Decision-making inside private DMs",
        "Undocumented cross-team agreements",
        "“Shadow” processes outside shared tools"
      ]
    },

    "execution_systems": {
      "product_development_framework": "Modified dual-track agile: continuous discovery + continuous delivery.",
      "tools": [
        "Jira for engineering execution",
        "Figma for design",
        "Slack for alignment",
        "Github for code reviews and version control"
      ],
      "stages": [
        "Problem definition",
        "Design exploration",
        "Technical scoping",
        "Implementation",
        "Testing",
        "Launch readiness",
        "Release",
        "Post-release monitoring"
      ],
      "definition_of_done": [
        "Meets acceptance criteria",
        "Passes accessibility checks",
        "Docs updated",
        "Support ready",
        "Logs + metrics instrumented",
        "Feature flags available",
        "Incident alerting configured"
      ]
    },

    "release_and_deployment": {
      "pipeline": [
        "Commit → CI → Automated tests",
        "Staging environment → QA",
        "Gradual rollout via feature flags",
        "Monitoring + rollback capability",
        "Full deployment after stability confirmation"
      ],
      "principles": [
        "Small, frequent releases reduce risk.",
        "Feature flags for all user-facing changes.",
        "Automated tests prevent regressions.",
        "Rollback must be instant and safe."
      ],
      "responsibilities": {
        "product": "Owns definition, acceptance, launch messaging.",
        "engineering": "Owns quality, deployment, monitoring.",
        "support": "Prepared with macros, scripts, troubleshooting guides."
      }
    },

    "internal_communication": {
      "channels": [
        "Company-wide announcements channel",
        "Team channels with weekly summaries",
        "Project-specific channels",
        "Docs in internal wiki",
        "Asynchronous updates via Slack canvases"
      ],
      "principles": [
        "Document decisions in public channels, not private chat.",
        "Over-communicate during high-risk or high-impact projects.",
        "Summaries over raw message threads.",
        "Async-first: meetings only when truly needed."
      ]
    },

    "incident_management": {
      "incident_severity_levels": [
        "SEV0 — complete outage or security breach",
        "SEV1 — severe degradation",
        "SEV2 — functional but impaired",
        "SEV3 — minor impact"
      ],
      "response_process": [
        "On-call engineer paged automatically",
        "Incident lead + scribe assigned",
        "Dedicated Slack channel created",
        "Status page updated (if needed)",
        "Customer communication through predefined templates",
        "Root-cause analysis within 48 hours"
      ],
      "post_incident_practices": [
        "Blameless postmortems",
        "Actionable follow-up tasks",
        "Engineering retro",
        "Documentation updates"
      ]
    },

    "vendor_and_partner_operations": {
      "critical_vendors": [
        "Cloud providers",
        "CI/CD services",
        "Security scanning tools",
        "Observability platforms",
        "Support ticketing systems",
        "Payment processors"
      ],
      "vendor_management": [
        "Annual reviews",
        "Security questionnaires",
        "SLA monitoring",
        "Cost optimization",
        "Compliance audits"
      ]
    },

    "security_and_compliance_operations": {
      "responsibilities": [
        "Access management (SSO, role-based access)",
        "Pen tests and vulnerability management",
        "Privacy reviews of new features",
        "Compliance audits (SOC2, ISO, FedRAMP)",
        "Data residency enforcement",
        "Security training for employees"
      ],
      "principles": [
        "Security embedded early in development.",
        "Privileged access reviewed weekly.",
        "Zero-trust network assumptions.",
        "Data minimization everywhere possible."
      ]
    },

    "people_operations": {
      "hiring_process": [
        "Role definition",
        "Structured interviews",
        "Skill evaluation",
        "Values & collaboration assessment",
        "Offer approval",
        "Onboarding checklist"
      ],
      "onboarding": [
        "Slack workspace setup",
        "Tooling access",
        "Team intro",
        "Role-specific training",
        "First week goals"
      ],
      "performance_management": [
        "Quarterly reviews",
        "Career ladders",
        "Compensation cycles",
        "Promotion criteria",
        "Performance improvement processes"
      ],
      "culture_principles": [
        "Empathy",
        "Courtesy",
        "Craftsmanship",
        "Playfulness without distraction",
        "Transparent communication"
      ]
    },

    "finance_and_legal_ops": {
      "finance": [
        "Budget planning",
        "Cost control",
        "Scenario modeling",
        "SaaS vendor consolidation",
        "Revenue forecasting",
        "Expense approvals"
      ],
      "legal": [
        "Contract review",
        "Regulatory compliance",
        "Data processing agreements",
        "Risk management",
        "IP protection",
        "Vendor security terms"
      ]
    },

    "risk_and_decision_frameworks": {
      "decision_making": [
        "RACI for major initiatives",
        "Docs for all decisions above medium risk",
        "Async-first decisions with clear deadlines",
        "Escalate when blocked >48 hours"
      ],
      "risk_types": [
        "Technical risk",
        "Operational risk",
        "Security risk",
        "Legal/compliance risk",
        "Reputational risk"
      ],
      "risk_controls": [
        "Checklists for major launches",
        "Performance/load testing pre-release",
        "Security reviews pre-launch",
        "Runbooks for outage scenarios"
      ]
    },

    "operations_archetype": {
      "question": "What character best represents Operations?",
      "primary_archetype": "Architect",
      "secondary_archetype": "Orchestrator",
      "rationale": "Operations designs the invisible structures and keeps all moving parts synchronized, ensuring stability and clarity as the company scales."
    }
  }
}
```
