Cybersecurity: Getting Documentations right is the first step to ensuring Information security

in blurttribe •  5 months ago 

Documentation is easy to get right, but it will be funny to know that most organisations struggle to get this right. When we talk about documentation in an organisation, it refers to the soft copies and hardcopy information, which could be policy, procedure, the standard of operating, could even manuals and handbooks. While the classification of these documents could be different, it is important to know how to handle them or create them in the first place.



Before the organisation's classification and Handling of documents could happen, the documents need to be created in the first place. This is why it is important to have a guideline for how an organisation wants to create their document. This guideline is to establish uniformity in all the documents in the organisation and also aid in properly identifying a document without stress. This Guildine also needs to be a document, and every staff should have access to it.

Getting this guideline documented could be hectic and confusing, but I have listed some vital areas needed at least for a start. Regardless of the format chosen, those areas listed below needs to be touched:

  • Having a title page
  • Having a way Naming convention: How does the firm want to reference document
  • Ensuring that files are properly titled
  • How to label a document according to its type; for example, a policy document would carry POL in its title, Procedure could carry PRO, Standard of Operation could be SOP etc.
  • The font to be used
  • The line spacing on each Word document
  • How the Footer and header should look
  • Classification of the document. i.e. all Word documents need their classification to be inscribed on them.
  • The firm's logo
  • The firm should decide whether to use a watermark or not
  • Date the document was created
  • The name of the person who created it
  • The name and signature of people who approved the document: this is mostly applicable to Policy, Standard of Operation, and Procedure documents.



Now that we have outlined some of the action points on how a document should be formatted, let's talk about about this document should be classified. The classification of the document outlines who is supposed to have access to certain documents and who is not supposed to. Firms could classify documents in lots of ways. However, the key line is that how documents are handled and labelled depends on their classification.

An example of classification established in a firm is discussed below:

  • Public: This is information that the organisation shares with the public. This document or information could be found on the website, handbills etc. Exposure to this type of information will not hurt the organisation.

  • Internal Use: This document or information is expected to drive operations in the firm. These documents could be policy documents, standards of operation and, of course, Procedure documents. The exposure of this document could hurt the firm a bit, but not in a destructive nature.

  • Confidential: This document or information contains sensitive information to be known only to specific people. This information could be salary pay slips of all staff, client details, legal documents and other sensitive documents, which be in the care of the CEO or top management staff. The exposure of these documents to unauthorized personnel could lead to the firm facing legal sanctions, loss of goodwill, loss of public confidence, loss of clients and course, loss of money.

After the document has been classified, it is wise to label them just like they have been classified, giving a good sense of what the document entails. So it's key to label every document based on the classification, and it gives a sense of urgency on how they should be protected.

Based on the classification of the documents, staff needs to handle it as such. The handling involves how the documents will be stored and how they will be secured. For security, we are talking about how they are sent and encrypted. What technology will we use to store the documents, and who should have access to them? How are we going to communicate the internal and confidential documents? Answering these questions right will help the firm achieve the confidentiality, integrity and availability of information in their everyday operations.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE BLURT!