Information Assurance Documentation (IAD)
by Paul Flint
- Scope
- Process
- Boundaries
- Benefits
- Costs
Long-term Goal
"Know thyself"
To manage or secure a client site as a fixed price service provider, it is necessary to have;
- a detailed idea of the client system scope
- how this data, system, hardware and network drives your client's business process
- the exact boundaries of this client system.
Auditing of the client data software, hardware and network has immediate benefits in your service operations, is a value and lowers your costs.
SCOPE
- Data Client data where is it? How is it protected?
- Software The programs that operate on this information and the process they go through need to be summarized and understood by all servicing personnel
- Hardware The computers , monitors, printers, scanners and accessories are business assets that need to be cataloged and controlled.
- Network Network Access - who has it? Internet Access - what are the baselines? Network diagramming is a necessity.
PROCESS
When your firm arrives on site based upon conclusion of a contract. This contract was precipitated by:
- An out-sourcing decision
- Merger or Acquisition
- Reaction to information emergency
- Situation yet undefined
Your organization is being dropped in the HOT ZONE, and this transition period is critical.
Do you need additional documentation resources?
BOUNDARIES
With the transfer of new land (or a new LAN) a survey needs to be made. With this survey...
- meets and bounds are determined and
- demarcation of system elements takes place.
This is the purpose of the System Description Document and should be the first deliverable.
BENEFITS
- This System Description Document (SDD) fulfills you Customer's need to understand your contractual commitment to maintain his system.
- This SDD becomes the basis for all future documentation (e.g. the Risk Assessment).
- This documentation product demonstrates to the client your profound, complete and clear understand of the client's system configuration.
- The System Description Document defines the attributes of the system under care and links the service product to customer requirements, needs and wishes.
COST ANALYSIS
- Good Documentation Costs.
- There is an initial audit Price and a maintenance audit cost. This cost is typically related to the number of computers in the system.
What are the typical costs?
- Initial Survey
- Initial Fixed Price Survey at
$50.00 per workstation and
$300.00 per server
- Monthly Maintenance
- Maintenance and annual audit costs at
$5.00 per month per workstation and
$30.00 per month per server
STRENGTHS AND ADVANTAGES
- Special features of the System Description Documentation include a Web-based interface, there are additional multiple ways that this can be made available.
- The operational and financial advantages of complete system documentation to the customer and service personnel are clear - faster time to a fixed system.
- There are many systems for configuration and documentation management, there appears to be no competition in LAN documentation as a service
- The main attributes of this service is that neither the service provider nor the customer need to develop or maintain system database, software, hardware or network documentation.
Next Steps
- Examine the sample System Description Document
- Examine http://www.flint.com/ahc
- Convergence on documentation standard
- Develop cooperative documentation
- Propose this service to your clients