Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Lack of formal documented policies

Posted on 2013-02-06
4
Medium Priority
?
261 Views
Last Modified: 2013-03-14
What is the risk of not documenting formal procedures for basic systems administration? I have a systems admin who says the amount of day-to-day tasks they’d need to document would be never ending. But our external auditors for example made a recommendation that, per quarter, “a quarterly assessment should take place to verify that members of privileged security groups (such as domain admins) still have a valid business need”, which is fair enough, and a good idea to do.

But they say unless the procedure is documented it’s not an effective process? Why so? If an admin does do these checks whether or not the process to do so is documented somewhere, if the work is being done, what’s the risk? Why is the documentation so vital? Or is it? There are other issues, such as backup restore testing, i.e. test a restore once per quarter, change control procedures etc etc. Many of these tasks will be being done but the process to do them is not always documented. But without documenting it, but still physically doing the work, what is the issue.
0
Comment
Question by:pma111
4 Comments
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 668 total points
ID: 38858851
documentation makes your organization process dependent instead of person dependent.

We have a security group created let's say Group 1 which has access to modify members of privileged groups like domain admin or ent. admin and whenever there is a need of any admin to member of domain admin or ent. admin someone from Group1 grants the access to complete the work. In this way you follow the process and there is no work stoppage as well.
0
 
LVL 24

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 668 total points
ID: 38859074
Documentation stops cowboy admins.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 664 total points
ID: 38859207
Documentation may not really stop cowboy admins.  Procedure enforce does that.  What are procedures, documentation on how do do things.

One of the biggest things documentation does is prevents the re-invention of the wheel.  Especially when the only person that has been doing a job for the last 5, 10, 15, 20 years comes in and says:

      I just won the lottery, I quit!!!!  Now go figure out what I've been doing for the last X years.
0
 
LVL 3

Author Comment

by:pma111
ID: 38859249
To what extent though do you document. Say for general day-to-day management and administration of database and file servers, what specific procedures do you document? I know this is the classic "it depends on your company" but surely there are some common ones per every IT shop?
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question