Jump to content
The mkiv Supra Owners Club

IT Bods - Has anyone had to create a Policies and procedures manual?

edd_t

By edd_t
in Off Topic

 Share

Recommended Posts

edd_t Newbie

edd_t

Posted
Posted

My brain hurts... Ive been asked to write up some info for out policy and procudes manual at work. Has anyone had to do similar, am guessing maybe a few compliance or IT directors out there may have had to...

I've been give a template (below) of information, but to tell the truth after about the 4th line it all sounds a load of crap...

 

Procedure

[This section should set out how you create user profiles, summarizing (by operating systems and application) into standard profiles the individual user/user group access rights and the business requirements met by the controls, taking into account the Access Control Policy and ensuring that application level access control is consistent with the network level access control. This procedure should reference DOC 11.3, which deals with administration of user rights, and (a suitably tailored) Operations Work Instruction DOC 10.3, which sets out the IT user name and access rights administration. This is also the place to deal with group IDs (ID = user name) – for preference, your rule should be that you do not allocate group IDs – if you have to, this is where you explain why. It might be because you have some functions where you do not need to track users and can safely provide read-only access. It might be because there is no other option, in which case you need to be clear about what other controls you might put in place. Access rights are: read, write, delete and execute and these rights need to be allocated in respect of each system and application. You need to identify how you enforce access rights to applications in line with (ISO 17799 clause 11.6.1) information classification levels and that application outputs are sent only to authorized users.]

Link to comment
Share on other sites
edd_t Newbie

edd_t

Posted
  • Author
Posted

thats not the only one i have to do. its just the first of many :(

 

i guess it will be good, at the moment most things i know/do are in my head so if i get hit by a bus no one will have a clue on how i set stuff up. its just a pain having to write it down especially having to conform to guidlines like the one above!

Link to comment
Share on other sites
Wez Enthusiast

Wez

Posted
Posted
thats not the only one i have to do. its just the first of many :(

 

We had a technical writer contracted to us from upper management who was basically hired to document our jobs, the idea being anyone could follow a script and complete our work.

 

He lasted less than a week :D

Link to comment
Share on other sites
michael Newbie

michael

Posted
Posted
We had a technical writer contracted to us from upper management who was basically hired to document our jobs, the idea being anyone could follow a script and complete our work.

 

He lasted less than a week :D

 

That's one of my many tasks - the hard bit was writing the document to document how the document telling people how to document things should be documented.

Link to comment
Share on other sites
Gaz6002 Newbie

Gaz6002

Posted
Posted

I've written several procedures and official work instructions. It's all about being able to put things into a concise and professional generalisation. Now that sounds like management bull.

 

One thing you will find is that you learn your own job better than you thought possible. It can be tedius but at the end of it not only will know the documents inside out but you'll have something to show for your hard work.

Link to comment
Share on other sites
Gaz6002 Newbie

Gaz6002

Posted
Posted
The thing is we all have our own documentation but its not public ;)

 

Same with where I used to work. Secure government network management procedures aren't something to be shared with the public. Shame really as I did some good work for them. Oh well, onwards and upwards.

Link to comment
Share on other sites
Gaz6002 Newbie

Gaz6002

Posted
Posted
:rlol:

 

I got asked to do this about 6 months ago... wrote half a policy, got to the exceptions, could not agree with the exceptions. Now they do not ask anymore :D

 

All the "true" techies do NOT do documentation, especially policies!

 

You just keep telling yourself that :)

Link to comment
Share on other sites
Schtuv Newbie

Schtuv

Posted
Posted

Documentation ... dull but necessary! I always start by creating a table of contents (for example, from http://www.iso.org/iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/information_security.htm), and working from there: This way you can properly populate links in the document as you go, and sections you can collapse or copypasta become reasonably obvious.

 

Trawling somewhere like https://www.cio.executiveboard.com can often throw up 'comparison' documents, that you can 'use as a guide' when making yours. Running a dual-head display makes this a lot easier ...

 

EDIT: BCS probably have a standard policy document set in their library - I wouldn't know, though, as I've never joined. Don't forget to make it all ITIL compliant, too ;-)

Link to comment
Share on other sites
Schtuv Newbie

Schtuv

Posted
Posted

... and don't forget to set yourself 'documentation' goals, such as;

 

- At least one white-font-white-background section of text

- Make up your own funky acronym, add it to the document, and see if it catches on

- Add a pr0n jpg, resized to 1x1 pixel size (and make sure 'reading' layout doesn't unhide it)

- At least once end a sentence with the phrase ", like the voices told me". If no-one ever mentions this, you can be sure that either the documentation hasn't been read, or everyone already thinks you're ready to be sectioned.

 

Some years down the road you can mention this to your subordinates and co-workers. They'll actually go back and read your documentation to try to find the above items :)

Link to comment
Share on other sites
edd_t Newbie

edd_t

Posted
  • Author
Posted
Documentation ... dull but necessary! I always start by creating a table of contents (for example, from http://www.iso.org/iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/information_security.htm), and working from there: This way you can properly populate links in the document as you go, and sections you can collapse or copypasta become reasonably obvious.

 

Trawling somewhere like https://www.cio.executiveboard.com can often throw up 'comparison' documents, that you can 'use as a guide' when making yours. Running a dual-head display makes this a lot easier ...

 

EDIT: BCS probably have a standard policy document set in their library - I wouldn't know, though, as I've never joined. Don't forget to make it all ITIL compliant, too ;-)

 

i think its the BCS templates we are working to, and this is all to do with ITIL or COBOL or some other crappy acronym...

 

... and don't forget to set yourself 'documentation' goals, such as;

 

- At least one white-font-white-background section of text

- Make up your own funky acronym, add it to the document, and see if it catches on

- Add a pr0n jpg, resized to 1x1 pixel size (and make sure 'reading' layout doesn't unhide it)

- At least once end a sentence with the phrase ", like the voices told me". If no-one ever mentions this, you can be sure that either the documentation hasn't been read, or everyone already thinks you're ready to be sectioned.

 

Some years down the road you can mention this to your subordinates and co-workers. They'll actually go back and read your documentation to try to find the above items :)

 

Thats brill i'll be trying some of them out :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. You might also be interested in our Guidelines, Privacy Policy and Terms of Use.