Documentation Review

April 27, 2017 isec No Comments

Service overview

In any IT work environment, an astringent problem is the acceptable downtime of critical services that support business products and services.

Beyond having a consistent approach in solving technical problems and challenges- based on technology, people, and investments- IT professionals continuous need is efficiency in their work processes. A reasonable condition is the necessity of using the best tools to successfully achieve daily activities, such as an effective and useful documentation base.

isec can assist you with documentation reviews that generate direct gain within your technical teams and IT processes.

Our service is approrpriate for small and medium businesses with compact IT staff and heavy load, with no time or skills necessary to maintain an effective documentation. Even if the IT department has a stable work methodology and generally responds to all requests, documentation supporting the daily activities must be constantly updated to the extent that serves in situations such as disaster recovery or business continuity of services.

If you already established internal procedures that need to be up to date in terms of technology evolution and new threats and risks.

Methodology

As we need to understand businesses in-depth, we first assess every applicable regulation, internal requirements or other constraints for the state of your security documents.

We identify and assess processes and the existing documentation. Information is used to outline as closely as possible a solid matrix that encompasses mapping of security controls, policies and related standards or regulations requirements.

Policies and procedures attributes:

  • Policies should be useful and workable- in consensus with other documents, developed with the actual people that are using it, should be properly communicated
  • Policies addresses the rules rather than how to implement them, while the procedures are linked to policies
  • Policies and procedures should have some weight for the staff, no matter the maturity of internal documentation process
  • Documentation should be updated  based on received feedback and regular reviews
  • Regulations compliance check
  • Documents should not get out of date quickly, it should remain actual
  • Clear, concise and simple writing language, document structure should respect the organizational standards

The second phase of this service consists in interviews with process owners and staff members to best identify gaps at documentation level. We are using the earlier matrix to fulfil requirements and identify missing steps or cycles in the existing documentation.

The last stage of the project consists in reporting developed activities and related results of each step. Results could be updates, requests for change, opportunities for new policies or procedures, some sort of implementation plans or a compliance plan to be followed by your organization.

Deliverable

Reviewing your internal documents implies extended knowledge, specific experience and selection of criteria. Results of our analysis are delivered through solid reporting capabilities, with clear references and appropriate recommendations.

The Report, both executive and technical parts, shall be presented, discussed and agreed upon before closure of the projects. All recommendations shall be translated in actions or tasks for the implementation team, with deadlines and resposibilities.