AIOps POC Checklist
The 30-day proof-of-concept that vendors don't want you to run, real workloads, exit criteria written before kickoff, and the courage to walk away on day 31.
Why most POCs are theatre
The vendor sends three solutions engineers. They onboard one synthetic service. They demo correlation on data they pre-tuned. The customer team is impressed; the contract closes; six months later the platform never integrated with the actual production environment because the data shape was different and the alert volume was 30x higher than the demo.
The POC failed because it was a sales demo with a prettier name. Real POCs feel uncomfortable. The vendor's solutions team gets less time, less data prep, fewer presentations. The customer's SRE team runs the platform on production traffic with no special tuning. The vendor's product is being evaluated, not the vendor's people.
If your POC is run in a sandbox the vendor controls, with synthetic data the vendor provides, you didn't run a POC. You ran a tutorial.
Write exit criteria first
The single most important POC discipline, write your exit criteria before the vendor sees the kickoff calendar invite. Specifically: a one-page document, signed by the SRE lead and the budget owner, listing the three to five outcomes that constitute a "yes."
Example exit criteria for a $250k AIOps deal: (1) MTTR on the top-five recurring incident classes drops by 40% measured against the prior 90 days. (2) At least 60% of low-severity incidents auto-remediate without human action. (3) Alert volume drops by 50% with no Sev-1 missed during the POC. (4) The platform integrates with our existing PagerDuty, GitHub, and Datadog without breaking workflows. (5) The on-call team's NPS for the platform is 7 or higher.
Write these before the vendor proposes the POC plan, not after. Vendors who can't tell you on day one whether they'll hit your criteria don't believe in their own product.
The 30-day scope
Thirty days is enough. Sixty days is a sales tactic. Ninety days means you forgot you were running a POC.
Week 1, onboarding. Connect data sources, deploy agents, get the platform receiving production telemetry. The vendor's solutions team is on-site or on-call but the SRE team does the actual configuration. If the vendor needs to do the integration work, you'll need them to do it forever.
Week 2, observation. The platform watches. No one acts on its outputs yet. The team measures false positive rate, alert quality, signal correlation accuracy against incidents the team already knows about. This is the data layer you scored against.
Week 3, action. The platform starts auto-remediating low-risk incidents (restarts, scale-ups, cache flushes). The on-call team observes its decisions. Each auto-action is reviewed within 24 hours.
Week 4, measurement. Data freeze on day 28. Two days to compile metrics, run the decision meeting on day 31. Time-boxed, no extensions, no "we just need one more week."
Use real production data
The hardest part of running a useful POC is getting comfortable pointing the vendor's platform at production. Your data security team will resist. Your SRE team will worry about contention. The vendor will offer a "starter sandbox" to ease the friction.
Take none of these shortcuts. The signal you're trying to measure, does this platform actually reduce MTTR on our infrastructure, only exists in production. A POC on synthetic traffic tells you nothing about how the platform handles your alert volume, your service map, your post-incident chaos.
The legitimate concerns can be handled. Negotiate a 30-day data residency clause. Run the platform in read-only for the first two weeks. Whitelist specific actions for week three. Add an audit log review at the end. These take a few hours of legal work and pay back the rest of the contract.
The five metrics that decide
Forget vendor scorecards. Track these five against your own baseline.
- MTTR delta on top-five incident classes. Compare against the prior 90 days, same incident types, same on-call team. Aim for 30%+ reduction; below 15% is a fail regardless of vendor enthusiasm.
- Alert volume change. Total pages per week to the on-call team. Should drop 30-60%. If it goes up, the platform is making more noise, not less.
- Auto-remediation rate. Percentage of incidents resolved without a human action, by severity. Sev-3 should be 60%+, Sev-2 should be 30%+, Sev-1 should be careful, audited, and small.
- Engineer NPS. Anonymous survey to the on-call team after week 4. "Would you recommend using this platform during your next on-call rotation?" Below 6 means the team will route around it after the deal closes.
- Time-to-onboard a new service. Pick one service the team didn't onboard during the POC. On day 28, ask the on-call lead to add it without vendor help. Time the result. If it takes more than two hours, your platform owner cost will be permanent.
Vendor POC traps
The "let our SE drive" trap. The vendor's solutions engineer does the integration, configures the rules, tunes the correlation. The platform looks brilliant. After the deal, your team has to do this themselves and discovers it's a full-time job. Always make your team do the configuration during the POC.
The "starter pack" trap. Vendor offers a curated set of pre-built dashboards and integrations to "save time." This is the demo data again. Build from scratch on your environment.
The extension request. "We're so close, can we add two weeks?" If the platform isn't proving itself by day 28, two more weeks won't change the outcome. The extension is usually a stalling tactic so the deal lands in the next quarter's quota.
The "two POCs running in parallel" trap. Customer thinks they're being efficient. Both vendors race to the bottom on professional services. The team is exhausted. The decision is made on relationship, not data. Run one POC at a time, sequentially. Six weeks total beats four weeks of chaos.
Day 31, the decision meeting
One hour, three people minimum, the exit criteria document on the screen. For each criterion, the score is yes or no, with the metric on the page. No "directionally yes", that means no.
The decision falls out of the document. If three of five criteria are yes and two are no, the platform fails the POC. The right move is to renegotiate scope or pricing, run a second focused POC on the failing criteria, or walk. The wrong move is to sign anyway because the demo was good.
The hardest discipline in AIOps buying is walking away from a POC that almost worked. Vendors know this. The only protection is the document you wrote on day one. Read it on day 31. Decide. Move on either way.