M1.4.3 - DOCUMENTATION Implementation Guidance
The entity shall maintain, protect and control documentation of its information security controls and their implementation.
Back to M1.4.3 - P2 - DOCUMENTATION
One of the most important aspects of implementing document management in an entity is to do this consistent and throughout the entity, with supporting training, awareness and also checking that the document management controls are followed. It is necessary to include templates for document management in all documentation, irrespective of the form it takes.
All this can be supported by using document management systems and other controls to technically ensure that the necessary actions are carried out, wherever it is possible, it is recommended to use technical support to achieve a complete implementation.
Compliance with this control should be checked every so often, and non-compliances should be reacted to, to demonstrate that this actually is an important control everybody needs to comply with.
Particular attention should be given to the protection of records – it is not so important for records to have an author (they are often system based- and a change history (they should not change at all if they are supposed to provide evidence), but the date of issue and the integrity of the record are important items to maintain.
Back to M1.4.3 - P2 - DOCUMENTATION
