Documentation is a central component of information security. Only with good documentation can processes be standardized and reproduced, information exchanged and passed on, and evidence and data secured. Documentation also serves to establish binding specifications, prove conformity, and make decisions made understandable.
On the other hand, it must also be made clear that documentation should not serve as an end in itself. Documentation should always offer relevant added value for information security and not appear as another bureaucratic challenge.
The topic of documentation has so far been addressed in IT baseline protection in a variety of places and for different target groups. Up to now, it has often not always been clearly described when something should be documented, how and for whom, and what purpose the respective documentation should actually serve.
As part of the further development of IT-Grundschutz, we are now providing an FAQ on documentation that provides a central introduction to the topic of IT-Grundschutz and addresses the most important questions that users are confronted with in the context of documentation. The FAQ is supplemented by a tabular overview that shows which documents should be created for which requirements from the BSI standards and modules of the IT-Grundschutz compendium. It is a recommendation and should not be viewed as binding, as it may be useful in individual cases to adapt the structure and form to your own situation.
Â
Â
The proposed document structure will provide the basis for the ongoing development of IT-Grundschutz and will be natively integrated into future versions of IT-Grundschutz. This means that the tools currently provided separately will in future be integrated directly into the relevant BSI publications (BSI standards and IT-Grundschutz modules). The recommendatory nature of the document structure will also be retained here.
But before we take this next step, we want to give you the opportunity to review and comment on the current tools. The tools will therefore be made available in the familiar community draft format.
Â
Â
Comments