Solved

Lack of formal documented policies

Posted on 2013-02-06
4
239 Views
Last Modified: 2013-03-14
What is the risk of not documenting formal procedures for basic systems administration? I have a systems admin who says the amount of day-to-day tasks they’d need to document would be never ending. But our external auditors for example made a recommendation that, per quarter, “a quarterly assessment should take place to verify that members of privileged security groups (such as domain admins) still have a valid business need”, which is fair enough, and a good idea to do.

But they say unless the procedure is documented it’s not an effective process? Why so? If an admin does do these checks whether or not the process to do so is documented somewhere, if the work is being done, what’s the risk? Why is the documentation so vital? Or is it? There are other issues, such as backup restore testing, i.e. test a restore once per quarter, change control procedures etc etc. Many of these tasks will be being done but the process to do them is not always documented. But without documenting it, but still physically doing the work, what is the issue.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 167 total points
ID: 38858851
documentation makes your organization process dependent instead of person dependent.

We have a security group created let's say Group 1 which has access to modify members of privileged groups like domain admin or ent. admin and whenever there is a need of any admin to member of domain admin or ent. admin someone from Group1 grants the access to complete the work. In this way you follow the process and there is no work stoppage as well.
0
 
LVL 24

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 167 total points
ID: 38859074
Documentation stops cowboy admins.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 166 total points
ID: 38859207
Documentation may not really stop cowboy admins.  Procedure enforce does that.  What are procedures, documentation on how do do things.

One of the biggest things documentation does is prevents the re-invention of the wheel.  Especially when the only person that has been doing a job for the last 5, 10, 15, 20 years comes in and says:

      I just won the lottery, I quit!!!!  Now go figure out what I've been doing for the last X years.
0
 
LVL 3

Author Comment

by:pma111
ID: 38859249
To what extent though do you document. Say for general day-to-day management and administration of database and file servers, what specific procedures do you document? I know this is the classic "it depends on your company" but surely there are some common ones per every IT shop?
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question