Save Yourself the Hassle: Write it Down!

One of the most frustrating things about working on audits is when a company is doing all the right things (processes, procedures) – but there’s no documentation to back that up. For many auditors, lack of documentation is a material weakness; not having the written documentation is tantamount to not having the correct processes or technical controls.

Ed takes on this subject in his latest TechNews article:

Organizations that do all the right things in terms of IT security and compliance can still suffer greatly when it comes time for an audit simply because they didn’t document the processes and controls they’ve implemented. From a purely compliance point of view, it’s worse to have a functional control that’s undocumented than it is to not have the control at all.