Playbooks

Playbooks are structured, versioned Standard Operating Procedures (SOPs) that define how your organization responds to specific incident scenarios. They provide a consistent, repeatable approach to incident management.

What are Playbooks?

A playbook is a collection of scenarios, each containing a checklist of tasks that should be completed during an incident. Playbooks help ensure:

• Consistency - Every incident is handled the same way
• Compliance - Tasks are mapped to regulatory requirements
• Training - New team members learn correct procedures
• Accountability - Track who completed what and when

Playbook Structure

Playbook
├── Version 1
│   ├── Scenario: Database Outage
│   │   ├── Task: Verify backup status
│   │   ├── Task: Notify stakeholders
│   │   └── Task: Begin recovery procedures
│   └── Scenario: Network Failure
│       ├── Task: Isolate affected systems
│       └── Task: Engage network team
└── Version 2
    └── (Updated scenarios and tasks)

Creating a Playbook

Step 1: Navigate to Playbooks

Click Playbooks in the sidebar to view your organization's playbooks.

Step 2: Create New Playbook

Click + New Playbook to start creating a playbook. You have three options:

Option A: Create Manually

Build your playbook from scratch:

1. Enter playbook name and description
2. Add scenarios for different incident types
3. Add tasks to each scenario
4. Save as Version 1

Option B: Import from PDF

Upload an existing SOP document:

1. Click Import from PDF
2. Select a PDF file containing your procedures
3. AI will parse the document and extract:
   • Playbook name and description
   • Scenarios with titles and descriptions
   • Individual tasks with success criteria
   • Compliance framework requirements (if detected)
4. Review and edit the parsed content
5. Save the playbook

Tip: PDFs with clear headings and numbered lists produce better results.

Option C: Import from Integration

Import from connected document sources:

1. Click Import from Integration
2. Select the integration (Google Docs, Confluence, Notion, SharePoint)
3. Choose the document to import
4. AI will parse and structure the content
5. Review and save

Managing Scenarios

Adding Scenarios

Each playbook contains one or more scenarios representing different incident types:

1. Click + Add Scenario within a playbook
2. Enter scenario title (e.g., "Production Database Outage")
3. Add optional description
4. Add tasks to the scenario

Editing Scenarios

1. Open the playbook detail page
2. Click on a scenario to expand it
3. Edit title, description, or tasks inline
4. Click Save to save changes

Removing Scenarios

1. Click the trash icon next to the scenario
2. Confirm deletion
3. Save the playbook

Warning: Removing scenarios may affect simulation references. Consider archiving the playbook instead.

Managing Tasks

Task Properties

Each task has the following properties:

Adding Tasks

1. Click + Add Task within a scenario
2. Enter task text (what needs to be done)
3. Optionally add:
   • Success criteria (how to verify completion)
   • SLA target (time limit)
   • Compliance tags (regulatory mappings)

Task Best Practices

• Be Specific: "Notify security team via Slack #security-incidents" is better than "Notify team"
• Define Success: Include measurable success criteria when possible
• Set Realistic SLAs: Base time targets on actual performance data
• Map Compliance: Tag tasks that satisfy regulatory requirements

Compliance Framework Requirements

Playbook tasks can be tagged with compliance framework requirements to track regulatory coverage during incidents and simulations.

What are Compliance Tags?

Compliance tags link playbook tasks to specific requirements from compliance frameworks (e.g., GDPR Article 33, SOC 2 CC7.4, ISO 27001 A.16.1.5). When tasks are completed during an incident or simulation, Tectra automatically tracks which compliance requirements have been satisfied.

Setting Up Compliance Frameworks

Before adding compliance tags to playbook tasks, you need to create compliance frameworks:

1. Navigate to Compliance in the sidebar
2. Click + New Framework
3. Enter framework name (e.g., "GDPR", "SOC 2 Type II")
4. Add requirements with:
   • Requirement ID (e.g., "Art. 33", "CC7.4")
   • Requirement Name (e.g., "Breach Notification")
   • Description (optional)
5. Save the framework

Adding Compliance Tags to Tasks

Once frameworks are configured:

1. Edit a playbook task
2. Click Add Compliance Requirement
3. Select a framework from the dropdown
4. Select the specific requirement
5. The tag will display as: [Framework] - Requirement Name - ID

Example Tags:

• [GDPR] - Breach Notification - Art. 33
• [SOC 2] - Incident Response - CC7.4
• [ISO 27001] - Information Security Incident Management - A.16.1.5

Viewing Compliance Tags

Compliance tags appear as chips on tasks in:

• Playbook detail view (read-only mode)
• Playbook edit mode
• Incident playbook scenarios
• Simulation reports

Compliance Coverage in Simulations

When running simulations with playbook scenarios:

1. Tasks completed during the simulation are tracked
2. Compliance tags on completed tasks are aggregated
3. The simulation report shows:
   • Compliance Coverage: Percentage of framework requirements met
   • Evidence: Which tasks satisfied which requirements
   • Gaps: Requirements not covered by completed tasks

Important: If you're not seeing compliance coverage in simulation reports, ensure your playbook tasks have compliance tags assigned. See Troubleshooting for details.

Playbook Versioning

Why Version Playbooks?

Versioning allows you to:

• Track Changes - See how procedures evolved over time
• Maintain History - Keep audit trail of previous versions
• Preserve References - Incidents linked to old versions remain valid

Creating a New Version

When editing a playbook, you can:

1. Save New Version - Creates a new version number (v1 → v2)
2. Overwrite Current Version - Updates the current version in place

Recommendation: Use "Save New Version" for significant changes. Use "Overwrite" for minor fixes.

Version Numbering

• Versions are numbered sequentially: v1, v2, v3...
• Each version has a name (e.g., "Initial Release", "Q1 2025 Update")
• All versions are preserved for audit purposes

Viewing Version History

1. Open playbook detail page
2. Click the version dropdown
3. Select a version to view its content
4. Compare versions to see changes

Linking Playbooks to Incidents

Manual Linking

During an incident:

1. Open the incident detail page
2. Click Link Playbook
3. Select a playbook and version
4. Choose specific scenarios to link
5. Tasks from linked scenarios appear in the incident

Automatic Linking via Workflows

Configure workflows to automatically link playbooks:

1. Create a workflow triggered by incident creation
2. Add a "Link Playbook" action
3. Configure which playbook/scenario to link based on incident type

Task Completion Tracking

Once linked, tasks can be:

• Completed Manually - Team member marks task done
• Completed by Workflow - Automation marks task done
• Tracked for SLA - System monitors completion time vs. target

Using Playbooks in Simulations

Playbooks are essential for simulation war room drills. When you link playbook scenarios to a simulation:

1. AI Context - The playbook content helps AI generate realistic meeting transcripts
2. Task Tracking - Simulation tracks which playbook tasks would be completed
3. Compliance Measurement - Reports show compliance framework coverage
4. Gap Analysis - Identify which tasks/requirements weren't addressed

Best Practices for Simulation Playbooks

• Tag Compliance Requirements - Ensure tasks have compliance tags for coverage tracking
• Set Realistic SLAs - Help measure simulated response times
• Include Success Criteria - AI uses these for evaluation
• Keep Updated - Re-run simulations after playbook changes

Archiving Playbooks

When to Archive

Archive playbooks that are:

• No longer in use
• Replaced by newer playbooks
• Related to deprecated systems

How to Archive

1. Open playbook detail page
2. Click Archive
3. Confirm archival

Effects of Archiving

• Playbook no longer appears in active lists
• Existing incident references remain valid
• Cannot create new links to archived playbooks
• Can be unarchived if needed later

Viewing Archived Playbooks

1. Navigate to Playbooks
2. Click Archived tab
3. View or unarchive playbooks as needed

Importing from AI-Parsed Documents

PDF Parsing

When importing from PDF:

1. Upload your PDF document
2. AI analyzes the content and extracts:
   • Document title → Playbook name
   • Section headings → Scenario titles
   • Numbered lists → Task text
   • Compliance mentions → Compliance tags (when frameworks match)
3. Review the parsed structure
4. Edit any incorrectly parsed content
5. Save the playbook

Best Results: Use PDFs with clear structure, headings, and numbered task lists.

Integration Parsing

When importing from connected documents:

1. Select the source integration
2. Choose the document
3. AI parses content similar to PDF import
4. Review and save

Supported Integrations:

• Google Docs
• Confluence
• Notion
• SharePoint

Troubleshooting

Playbook Not Appearing in Incident

Problem: Can't find playbook when linking to incident

Solutions:

• Ensure playbook is not archived
• Verify you have permission to view playbooks
• Check that playbook has at least one scenario

Tasks Not Being Tracked

Problem: Playbook tasks show 0% completion during incident

Solutions:

• Ensure playbook scenarios are properly linked (not just the playbook)
• Verify tasks exist in the linked scenario
• Check incident permissions allow task updates

Compliance Requirements Not Showing in Simulation Reports

Problem: Simulation report shows 0% compliance coverage even though playbooks are linked

Solutions:

1. Add Compliance Tags to Tasks: Navigate to Playbooks, edit your playbook, and add compliance requirements to individual tasks
2. Verify Frameworks Exist: Ensure compliance frameworks are created in the Compliance section
3. Re-link Playbooks: If you added tags after creating the simulation scenario, re-select the playbook scenarios
4. Check Task Completion: Only completed tasks contribute to compliance coverage

Common Mistake: Linking a playbook without adding compliance tags to its tasks. The compliance coverage feature requires explicit task-to-requirement mappings.

PDF Import Produces Poor Results

Problem: AI-parsed playbook doesn't match source document

Solutions:

• Use PDFs with clear headings and structure
• Ensure numbered/bulleted lists for tasks
• Avoid complex multi-column layouts
• Try importing smaller sections separately

FAQ

Q: Can I have multiple versions of the same playbook?

A: Yes! Playbook versioning allows you to maintain multiple versions. Each version is preserved for audit purposes and linked incidents remain valid.

Q: Do compliance tags sync with external compliance tools?

A: Currently, compliance frameworks are managed within Tectra. Export options are available for integration with external GRC tools.

Q: Can different teams have different playbooks?

A: Playbooks are organization-wide, but you can create team-specific scenarios within playbooks or use naming conventions to organize by team.

Q: What happens to linked incidents when I update a playbook?

A: Existing incident links reference a frozen copy of the playbook at link time. Updating the playbook doesn't affect previously linked incidents.

Q: How do I know which compliance requirements are covered?

A: View the Compliance section to see frameworks and their requirements. Run simulations with linked playbooks to generate coverage reports showing which requirements were satisfied.

Next Steps

• Create Your First Playbook - Start with a simple incident type
• Add Compliance Tags - Map tasks to regulatory requirements
• Run a Simulation - Test your playbook in a war room drill
• Review Coverage Reports - Identify gaps in compliance coverage

Need help? Contact support@tectra.ai or visit our support page.