Security's Everyman

Security's Everyman

Friday, June 06, 2008

In praise of documentation

One of the most important things that a company can do is to document their environment. This holds true for all areas of business. You need to know what you have, how it works, what it's worth (not just in dollars but to the operations of the business), how do you operate without it, what dependencies does it have and what depends on it. When you get into talking about technology you have a few more things to take into consideration. What does it take to keep it up and running, how is it configured and secured, what are the specs required to run it, and on and on.

This documentation gives you the needed information to continue operations, or get back up and running quickly if problems, disasters or failures occur. When done properly it can be the difference between continued operations and closing the door and hanging a "Gone Fishing" sign. It can be the difference between having a system back up and running in a matter of hours or days. Good documentation can cut troubleshooting time down to little or nothing.

Documentation also plays other roles. Auditors ask for lots of documentation of what you are doing and how you can prove it. They want proof of what you say and often good documentation is the proof that keeps them happy.

The problem is that documentation is no fun. Not many people enjoy documenting a server configuration or how the network is connected. Most of us in IT would rather build, fix and configure than document how we did it. This presents a problem when it comes time to rebuild a system and you can't remember how an application was configured or how you had an ACL constructed to help protect the financial department from engineering.

It can also become a nightmare when you get notice that an audit is coming up in the next few weeks or months. It's important to not only have your documentation in order but to know what it is that is expected and what you told them last year you would do this year. Spending a few weeks trying to figure out if you have met the requirements from last years audit and trying to gather all the information needed for this years in not much fun. Not to mention it takes valuable time away from other things that needs to be done.

Managing your documentation is an important part of any program. It is as important as any other piece and often more important. It's kind of like an insurance policy that sits in a file cabinet and you wonder why you spent money on it until you need it. Then you realize that it's worth every dime it cost you. Having someone who is good at documenting and can help you manage it will be a valuable asset to an organization. It will save time and money. It will help keep your stress level low and may well be the difference between a minor blip in operations and a complete shut down in operations.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.