sunhux
asked on
Classification of IT documents
I read in one site that IT documents can be classified as
1. Policies (I think this one requires very senior mgmt approval & non-adherences have to be recorded into a deviation list for regular review)
2. Standards (this one needs deviation list too if non-compliant)
3. Procedure (sort of instructional doc)
4. Guidelines (don't need to be adhered to strictly, just for guidance & allows for non-adherences without maintaining deviations)
5. Framework
(guess there are more, say "Checklists" but I'm excluding manuals & handbooks)
There is some debate as to whether to classify the following into one of the above categories:
1. Cloud Computing Implementation:
A list of how to assess a CSP & requirements for onboarding a system to a cloud
I think it's "Guidelines", as googling around for “Cloud Onboarding” shows mostly it’s a guide.
Depending on the criticality of the system that is onboarded to Cloud, the requirements may differ
2. Risk Assessment for Cloud Solution Sample:
Classify as Checklist (or if there’s no such category, then a Procedure)
3. End User Computing Handbook v1.5:
I think it's a Guideline or Guide
What about Framework? Does ISO27001 have any mention of how to classify them?
ASKER
more appropriate to be classified as policy, framework, guideline or ...:
Refer to the attached for sample content: does such content belong more
to a policy, guideline or framework? I plan to forward it to vendors who
are tendering to place our systems in a cloud.
CloudImple.JPG