Initiation responsibility: IT Security Management Team
Implementation responsibility: IT Security Officer
The individual phases of the IT security process and the results of the process should be documented. Such documentation is important to maintaining IT security and hence to ensuring that the process continues to develop in an efficient manner. It makes it easier to identify and eliminate the causes of problems and of operations which have gone wrong. The latest version of each document should be easy to obtain, and superseded versions should also be archived centrally. This ensures continuous traceability of developments in the area of IT security, so that it is clear what decisions have been made.
Documentation of the IT security process should as a minimum extend to the following documents:
It is the task of the IT Security Officer to keep the documentation up to date at all times. He should also ensure that controlled access to the documentation is possible. In doing so he must ensure that information can be passed to authorised persons rapidly, while at the same time safeguarding the confidentiality of details internal to the organisation.
Additional controls:
© Copyright by Bundesamt für Sicherheit in der Informationstechnik
last update: October 2000