IT Documentation Standard

IT Documentation Standard

Overview: This document provides a framework for document categorization and helps the user in locating documents in the library as well as classifying and designing documents for filing in the central library.

Contents

1            Introduction……………………………………………………………………………………………………………………… 5

2            Documentation Hierarchy………………………………………………………………………………………………….. 6

3            Document types……………………………………………………………………………………………………………….. 8

4            Revision and Release of documents………………………………………………………………………………….. 10

4.1     Roles…………………………………………………………………………………………………………………………….. 10

4.2     Review and release process……………………………………………………………………………………………… 10

4.3     Versioning……………………………………………………………………………………………………………………… 11

4.4     Privacy Classification of documents…………………………………………………………………………………. 11

5            Using the central IT documentation library………………………………………………………………………… 13

5.1     Browsing through document library………………………………………………………………………………….. 13

5.2     Uploading new documents………………………………………………………………………………………………. 13

1           Introduction

In earlier endeavours, documentation of IT-projects was often realized by producing large documents, containing overarching information on the configuration and operation of all systems and resulting processes. Not only the increased effort to produce such type of documentation, but also the need to keep several documents updated involves a great deal of work and is prone to outdated information in certain passages.

Therefore, a new documentation-system at ITPROSEC was realized with a central document filing library, where documentation of all systems, designed and operated by IT ARCHITECTURE, is organized in a modular and standardized way. The content of documents in that library is restricted to the respective service / product / concept only. Interfaces to other systems or platforms are described appropriately and linked to other documents in the library. Hence, the specific documents can be reused as modules to compose documentation for different solutions. Together with a structural or design document and some documents on specific implementation documents, a set of modules constitutes the new documentation of an IT-environment or -solution. It is, thus, not necessary to describe standard services of IT ARCHITECTURE (e.g. network services or operating system platforms) or company policies and guidelines several times in each documentation. The separation into modules will also ease ongoing revisions as information has to be changed at a single point only. 

The requirements of such a concept were fulfilled with a hierarchical documentation system in the eShare https://eshare.itprosec.com/organization/global_it_portal/IT%20Documentation/Home.aspx, organized on three levels and containing different document types.

2           Documentation Hierarchy

ITPROSEC’s Corporate Constitution is a well-structured system of rules and regulations. While taking into account all relevant legal parameters, it is essential to maintain and apply a worldwide, internally consistent system of regulations and guidelines for sound corporate management. The structure of a self-contained and harmonized system of ITPROSEC’s constitution is depicted as following :

IT ARCHITECTURE  

Referring to the global corporate system, IT ARCHITECTURE regulations and guidelines are embedded in the hierarchical system above and connect to corporate guidelines and instructions. Influenced by the Purpose of Company, Corporate Governance and ITPROSEC’s Code of Conduct, Corporate Instructions determine IT ARCHITECTURE regulations and guidelines.

Using the corporate as a model, the document library of the central IT department is also organized in hierarchical structure. Three levels within this structure categorize documents in their grade of abstraction:

Level one withPolicies and guidelinesreflects a set of rules governing the implementation of processes, giving guidance on how to determine a course of action in a situation. Policies and Guidelines explain “why” we do things.

Level two with Standards reflects the “what-question” and defines what is required or must be achieved, i.e. security targets, in order to comply with the policies and guidelines from level one. The standards define solutions, based on given policies, to aid for the implementation of practices and procedures.

Level three with practices and procedures represent the “how-questions”, i.e. the specific conduct, methods, routines, processes, and actions to fulfil the standards as defined in level two. Practices and procedures evolve over time in response to internal and external environmental changes.

For the use in documents, the levels are named and marked as follows:

Symbol Documentation Level Think as
Level 1: Policies Why?
Level 2: Standards What?
Level 3: Practices and Procedures How?

The symbols for hierarchy levels, as presented above, are pictured in all documents in the central IT Documentation Library. Hence, templates for each document type contain the corresponding symbol in the cover page header.

3           Document types

At all levels, documents are categorized into different types in order to facilitate navigation through the documents and appropriate categorization of contents. The following table provides an overview of the different document types (core documents are indicated in bold letters):

Level Document type Description Responsible Target audience
Level1 Policy Policy documents include principles or rules to guide decisions on the design and management of IT solutions and environments at ITPROSEC. Head of IT ARCHITECTURE IT ARCHITECTURE
Level 1 Architecture Architectural Blueprints provide mandatory design guidelines for IT applications, systems or infrastructures at ITPROSEC. IT ARCHITECTURE2 (Architektur und Integration) IT ARCHITECTURE
Level 2 Standard Standards define the utilization and management of certain applications, systems or infrastructures at ITPROSEC. IT ARCHITECTURE IT ARCHITECTURE
Level 2 Technical Design Technical designs describe the technical realization of IT-solutions based on policy and architectural guidelines in relation to business objectives and legal requirements.  IT ARCHITECTURE department, which is responsible for operation of named system   IT ARCHITECTURE + C-CS1
Level 2 Business Service Manual A Business Service Manual describes a service (or product), which depends on IT deliverables, from a business perspective. The document defines the requirements for IT solutions, which are necessary to assure the quality of the business service. ITPROSEC Business department ITPROSEC Business department + IT ARCHITECTURE
Level 2 Agreement Agreements are formally written agreements on the operation of IT-solutions and environments (e.g. SLAs). tbt tbt
Level 3 Operations Manual Operations Manuals are sources of information on how to operate and support IT systems as part of a solutions or environment. IT ARCHITECTURE department, which is responsible for operation of system IT ARCHITECTURE
Level 3
User Manual
User Manuals are documents that explain end-users how to work with a certain application or system. IT ARCHITECTURE department, which is responsible for system or software End-User
Level 3
Software Manual
Software Manuals document the development of an application. This includes interfaces, data models, features, etc. IT ARCHITECTURE department, which is responsible for development and maintenance of software IT ARCHITECTURE
Level 3
Process Description
Process Descriptions explain a defined sequence of events or activities that are necessary to manage the operation of IT systems. Process owner Everyone, who is involved in respective process
Level 3 Implementation Implementation documents give detailed information on how IT systems are technically put into operation. Typical components are configuration sheets and network plans. IT ARCHITECTURE department, which is responsible for operation of system IT ARCHITECTURE

4 Revision and Release of documents

4.1 Roles

Author Person, who has in-depth knowledge of the document content and writes the first draft of the document
Document Responsible Person who initiates the creation of the document and who is to be contacted for questions and discussion concerning the content. The Document Responsible also approves the publication of a document and decides for updates, when the document content changes.
Reviewer An individually chosen individual or group of people, who have in-depth knowledge of the document’s content and who are hierarchically superior to the author.

4.2 Review and release process

For the initiation of a document, the Responsible defines an Author. After the Author finishes a draft version of the document, it is passed on to the Reviewer(s) content. Subsequently the Responsible approves the document and releases the final version in the document library.

After a period of one year, the document will be presented to the Reviewer(s) again for revision to approve whether the content still is up-to-date.

4.3  Versioning

Draft
(Versions 0.1-0.9)
For document versions until review and approval. After release, the document starts with version 1.0.
Minor release (e.g. 2.4 à 2.5) After updating the document content, a new minor version is to be released.
Major release (e.g. 2.4 à 3.0) After updating the document structure and major changes, a new major version is to be released.

4.4 Privacy Classification of documents

Unclassified Information which does not fall under any of the higher classes. It is information which is public or if disclosed would not harm the company or any individual. Information which is specifically authorized for public release. Examples • Location addresses • Customer contact names • External phone numbers • Public relations information • Brochures • Company reports • Presentation materials • Location lists.
Company Internal   Information which is important to the business, available to all staff but which should not be disclosed outside the company. Most operational information will fall into this category. Minor harm to ITPROSEC would result from the disclosure of this information. Examples • Lists of ITPROSEC employees or agents • Internal telephone directory.   Default classification of all IT documentation
Company Confidential Information which, if disclosed outside a functional group or community within ITPROSEC, would result in serious harm to ITPROSEC. Information which is subject to legislative, regulatory or contractual requirements for privacy. Information to which general “need-to-know” rules should be applied.   Examples Information restricted within departments and groups, for example: • Employee personal information • Salary and pay-roll information • Software source codes • Tactical plans • Marketing programs • Project information, quality reports etc. • Special pricing schedules • General market and competitor intelligence information • Routine security reports.  
Strictly Company Confidential   Information which, if disclosed to any company or individual other than those with a specific “need to know” and who have been individually approved by the information owner, would result in substantial harm to the company. Information that would give significant market advantage to a competitor, and any information, that, if disclosed, would be harmful.   Examples Information only to be seen by authorized, named individuals, for example: • Marketing strategies • Research data • Corporate Strategic Plans • Special negotiated tariffs • Trade secrets • Financial results • Product specifications • Specific market and competitor intelligence • Serious security incident reports.

5 Using the central IT documentation library

5.1  Browsing through document library

IT-Documentation provides a short overview over document types and organizes documents in the IT ARCHITECTURE Documentation Library in a functional way.

All documents in the IT ARCHITECTURE Documentation Library can be found under Documents.

Public Views

All Documents (Standard View): All documents, sorted by topic (1.) and category (2.)

By Category: All documents, sorted by category (1.) and topic (2.)

<Category name>: Only documents of a specific category

<Topic name>: Only documents of a specific topic

Open document in read-only-mode by clicking on document name

5.2                                            Uploading new documents

Create Document, using a template for the suitable document type (see 3.1). Templates are stored in the document library under the respective document type.

Please pay attention to select category, status, responsible and topic correctly in the document properties!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.