Solved

Lack of formal documented policies

Posted on 2013-02-06
4
235 Views
Last Modified: 2013-03-14
What is the risk of not documenting formal procedures for basic systems administration? I have a systems admin who says the amount of day-to-day tasks they’d need to document would be never ending. But our external auditors for example made a recommendation that, per quarter, “a quarterly assessment should take place to verify that members of privileged security groups (such as domain admins) still have a valid business need”, which is fair enough, and a good idea to do.

But they say unless the procedure is documented it’s not an effective process? Why so? If an admin does do these checks whether or not the process to do so is documented somewhere, if the work is being done, what’s the risk? Why is the documentation so vital? Or is it? There are other issues, such as backup restore testing, i.e. test a restore once per quarter, change control procedures etc etc. Many of these tasks will be being done but the process to do them is not always documented. But without documenting it, but still physically doing the work, what is the issue.
0
Comment
Question by:pma111
4 Comments
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 167 total points
ID: 38858851
documentation makes your organization process dependent instead of person dependent.

We have a security group created let's say Group 1 which has access to modify members of privileged groups like domain admin or ent. admin and whenever there is a need of any admin to member of domain admin or ent. admin someone from Group1 grants the access to complete the work. In this way you follow the process and there is no work stoppage as well.
0
 
LVL 23

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 167 total points
ID: 38859074
Documentation stops cowboy admins.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 166 total points
ID: 38859207
Documentation may not really stop cowboy admins.  Procedure enforce does that.  What are procedures, documentation on how do do things.

One of the biggest things documentation does is prevents the re-invention of the wheel.  Especially when the only person that has been doing a job for the last 5, 10, 15, 20 years comes in and says:

      I just won the lottery, I quit!!!!  Now go figure out what I've been doing for the last X years.
0
 
LVL 3

Author Comment

by:pma111
ID: 38859249
To what extent though do you document. Say for general day-to-day management and administration of database and file servers, what specific procedures do you document? I know this is the classic "it depends on your company" but surely there are some common ones per every IT shop?
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question