Managed IT
24/7 NOC Services Explained: How a NOC Works in Ethiopia
A Network Operations Center (NOC) is the 24/7 team that monitors, triages, and resolves incidents across an enterprise IT estate. For Ethiopian banks, insurers, telecoms, and large enterprises, the NOC is the operational layer that turns a strategic IT investment into a reliable service. This guide explains what a NOC does, the tools it uses, the staffing model, and how UT Solutions runs its 24/7 NOC from Addis Ababa.
What a NOC actually does
A NOC is not a helpdesk. The helpdesk takes calls from end users ("my laptop won't print"); the NOC monitors the infrastructure (the printer server, the network, the data center power and cooling) and resolves incidents before the end user notices. The NOC is also not a SOC. The SOC focuses on security events (intrusion, malware, exfiltration); the NOC focuses on availability and performance events (link down, server unreachable, UPS on battery).
A well-run NOC performs four functions: monitor (collect telemetry from the estate, alert on threshold breaches), triage (acknowledge, classify, prioritize the alert), resolve (apply the runbook, restore service), and report (track MTTA, MTTR, alert volume, and trend). The best NOCs also perform proactive functions: capacity planning, patch tracking, configuration drift detection, and change-window monitoring.
Why it matters in Ethiopia
Ethiopian enterprises are bound by the NBE's IT risk management directive and the wider regulatory expectation that material incidents are detected and contained within minutes, not hours. The expectation cannot be met by a business-hours IT team. It can only be met by a 24/7 NOC, staffed with senior engineers, with the tools and runbooks to act on the alert.
Building a 24/7 NOC in-house is impractical for most Ethiopian enterprises. The shift coverage requires at least 6 senior engineers, the tooling investment is real, and the on-call burnout is severe. Outsourcing the NOC to a managed service provider is the standard answer, and the maturity of Ethiopian MSPs in 2026 means the customer can pick from a credible shortlist.
NOC tooling — the four real choices
| Tool | Type | Strength | Best for |
|---|---|---|---|
| SolarWinds | On-prem | Deep network monitoring, customizable | Traditional enterprise networks |
| PRTG | On-prem / cloud | Easy to deploy, broad sensor library | Mid-market, branch estates |
| Zabbix | Open-source on-prem | Free, very flexible, no license cost | Cost-sensitive, large estates |
| Datadog | SaaS | Cloud-native, great dashboards | Cloud-heavy, devops-led |
UT Solutions typically uses a mix: PRTG for branch and infrastructure monitoring, Zabbix for the data center, and Datadog for the cloud and application layers.
Staffing model
The minimum viable NOC staffing for 24/7 coverage of a 1,000-device estate is 6 engineers: 4 shift engineers (3 shifts, 4 each) plus 2 senior engineers on rotation. The shift engineers triage and resolve P3/P4 incidents and escalate P1/P2; the senior engineers carry the pager and handle the complex calls. The on-call burden is real and must be priced into the contract.
Beyond the engineering team, the NOC needs a NOC manager, a runbook author, and a service delivery manager who runs the quarterly review with the customer. The realistic headcount for a 24/7 NOC that supports 5 to 10 enterprise customers is 14 to 18 people, with a senior engineer ratio of 1:4.
SLAs that matter
The NOC SLA is defined by four numbers: MTTA (mean time to acknowledge), MTTR (mean time to resolve), uptime, and alert noise ratio. The first three are standard; the fourth is the most diagnostic. A NOC that pages on every false positive is a NOC the customer cannot trust. UT Solutions' target: MTTA under 5 minutes, MTTR under 30 minutes for P2 and 4 hours for P3, 99.95% uptime on the monitored services, and a noise ratio under 5%.
The SLA must include hard liquidated damages. Service credits are marketing; LDs are commitment. A NOC contract without hard LDs is a NOC contract the customer cannot enforce.
UT Solutions' NOC operations
UT Solutions runs a 24/7 NOC from our Mickey Leland St (Eldasol Building) headquarters, with 16 engineers across three shifts and a senior on-call rotation. We monitor over 8,500 devices for nine Ethiopian banks, three insurers, and two manufacturers, using a mix of PRTG, Zabbix, and Datadog. Our SLA is 5-minute MTTA, 30-minute MTTR on P2, and 99.95% uptime on the monitored services, backed by hard LDs. We publish a monthly availability report to every customer, with a quarterly business review.
Case study: Awash Bank NOC outsourcing
Awash Bank engaged UT Solutions to take over the 24/7 monitoring of its 1,200-device estate across 240 branches, the data center, and the DR site. UT Solutions deployed a Zabbix + PRTG stack, integrated with the bank's ServiceNow, and staffed a four-shift NOC. Over 18 months, the bank's P1 incident rate dropped 58%, the MTTR on P2 incidents dropped from 95 minutes to 27 minutes, and the bank's IT team has shifted from reactive firefighting to proactive architecture work.
Common NOC mistakes to avoid
The most common NOC failure in Ethiopia is a tool without a runbook. A NOC that monitors 5,000 devices but has no documented response to the alerts is a noisy, expensive dashboard. UT Solutions' onboarding process requires a runbook for every alert class before the NOC takes ownership. The runbook is reviewed quarterly, with a tabletop exercise against the top 10 alerts.
The second mistake is treating the NOC as a cost center. A well-run NOC is an investment with measurable ROI: the cost of one prevented P1 incident often exceeds the entire NOC budget. The right way to talk to the board about the NOC is in terms of prevented incidents, MTTR, and SLA compliance — not headcount or alert volume. UT Solutions publishes a monthly availability and incident-prevention report for every customer.
The third mistake is no automation. A NOC that handles every alert by paging a human cannot scale. The right answer is a SOAR (security orchestration, automation, and response) layer that handles 70 to 80% of the alerts without human intervention. UT Solutions runs a SOAR playbook for every customer, with quarterly tuning of the automation rules to reduce false positives.
What "good" looks like in a 24/7 NOC
A mature 24/7 NOC in Ethiopia has six measurable attributes. First, 5-minute MTTA on P1 alerts, with a documented escalation path that names the on-call engineer. Second, 30-minute MTTR on P2 incidents, with the runbook that drove the resolution. Third, 99.95% uptime on the monitored services, with a published monthly report. Fourth, a noise ratio under 5%, with quarterly tuning of the alert rules. Fifth, a customer satisfaction score above 4.5 out of 5, with a quarterly customer survey. Sixth, a 24/7 SOC and NOC integration, with shared runbooks for the incidents that span both.
The other dimension of "good" is the relationship with the customer. A NOC that pages the customer on every alert is a NOC the customer ignores. A NOC that pre-triages, contains, and only escalates confirmed P1 incidents is a NOC the customer trusts. UT Solutions' NOC practice publishes a monthly report that walks the customer through the alert volume, the MTTR, the noise ratio, and the top three actions for the next month.
The realistic 2026 budget for a managed 24/7 NOC in Ethiopia is ETB 1.6 to 2.6 million per month for a 1,000-device estate, with the price scaling linearly to the estate size. The NOC headcount is 6 to 8 senior engineers for 1,000 devices, 12 to 16 for 5,000 devices, and 20 to 30 for 10,000+ devices. UT Solutions' NOC pricing is transparent and tied to the SLA; we do not charge per alert.
Frequently asked questions
What is the realistic cost of a 24/7 NOC for a mid-sized bank?
ETB 1.6 to 2.6 million per month for a 1,000-device estate, with a SLA of 5-minute MTTA and 30-minute MTTR. The price includes tooling, staffing, and the on-call rotation.
Can the NOC be in a different country?
For non-regulated workloads, yes. For banking and government, no. The NBE expects a local NOC with local engineers, in the same time zone, with the ability to be physically on-site within hours.
What is the most important metric?
MTTR on P1 incidents. Everything else is downstream of that. UT Solutions' median MTTR on P1 for the last 12 months was 14 minutes.
Can the NOC also be the SOC?
In a small MSP, yes. In a regulated enterprise, no. The skill sets and the alert pipelines are different. UT Solutions runs separate NOC and SOC teams in the same building, with separate escalation trees.