Procedure Guidelines and Controls Documentation

Friday, 30 September 2011 15:09

Procedure Guidelines and Controls Documentation December 11, 2005 © Robin Basham, M.Ed., M.IT, CISA, ITSM, CGEIT, CRISC, ACC


Now Available in PDF at AuditNet.org

 


Portions of this page are published in the ISACA Control Journal. Copyright © 2006 ISACA. All rights reserved.

http://www.isaca.org/Template.cfm?Section=Archives&template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=7&UserDefinedDate1=11/01/2006

For a live view of the article as published, please visit ISACA Control Journal

TEMPLATE [Company Name]

Sample document for use as a model for corporate process guidelines and procedures. Content is protected by copyright, ALL RIGHTS RESERVED.

 

Process Profile

Process Owners:

Owners Department(s):

Process Owner At Release:

Release Approval List:

Distribution List:

Document Authors:

Data Classification:New

Confidential

Effective Date:

Revision Date:

Version Control

Revision Notes

Revision Code

Rev-Author

RevRel Date

Release App by

[This is a prototype for the benefit of persons seeking a model for an overall compliance program.]

Purpose and Scope

Procedure Guidelines and Controls Documentation outlines how to create and modify procedures, work instructions, policies, and RunBooks as they currently exist in their correct location and format and as aligned to the requirements of document security.

Change control, information asset location, and documentation format standards are the combined responsibility of Security Management, Quality Assurance, and Process Engineering.  In the context of creation, iteration, approval, and posting, the Process Librarian manages documentation.

Process Engineering manages quality over documentation as demonstrated by document templates.

Security Management defines policy and access rules for the recording, adherence to, and monitoring of procedures involving data integrity, privacy, and security across any enterprise-level configuration.

Policy Statement

All changes, additions, and deletions to the production documentation library require management approval. Managers should notify Process Engineering of changes to production processes.

Requirements

The primary security elements of any document library management process are:

  • Auditable changes.
  • Evidence of document library and document lifecycle management that is readily available for those who need to monitor this activity.

Documentation strategies need to:

  • Reduce complexity.
  • Prioritize key control processes.
  • Reflect COMPANY process architecture.
  • Represent real functions and real activities.



Last Updated on Thursday, 03 May 2012 17:29
 