Tuesday, September 16, 2008

IT Governance Documentation - Simplified

As an airline industry IT consultant I have had the opportunity to use two highly effective resources to help simplify and put structure around IT Governance documentation.

1. IT Governance Ltd. in the UK. http://www.itgovernance.co.uk

They use ISO standards 27001 and 27002 as the framework for a comprehensive Information Security Management System. They deliver toolkits with easy to follow instructions and pre-written templates to help you produce documentation for your Information Security Manual and the following IT control areas:

Risk Assessment
Security Policy
Asset Management
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Access control
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management and,
Business Continuity Management

IT Governance Ltd "gets it". Their toolkits are all you really need to produce documentation that upholds the integrity of ISO and puts you in an audit-ready position for SOX and PCI compliance.

2. Unified Compliance Framework http://www.unifiedcompliance.com/

UCF unravels and cross-references the entire spectrum of controls needed for regulatory compliance. They track and reference dozens of authority documents including those for: Sarbanes Oxley, Banking and Finance, Healthcare and Life Science, Energy, Payment Card, US Federal Security, Records Management and more. The Unified Compliance Framework reduces the regulatory tornado to a much smaller set of harmonized controls, giving you a single point of control over hundreds of complex compliance requirements from around the world. Meeting your compliance requirements has never been this straightforward.

They publish "Say What You Do", a book that is a technical writer's manual and reference guide to building a framework of IT controls, policies, standards and procedures.

With the above two resources, a small team of technical writing consultants can create new documentation or modify existing documentation to satisfy your internal and external compliance requirements. The main benefits from using these tools are: reduction in project and ongoing costs, faster time to deliver and less drain on internal resources.

There you go - IT Governance documentation simplified.


Welcome to the airlinetechnology.net Solutions blog!