Training for policies, procedures, and standards
-
My goal is to be able to write some of these and then hand them over to one of the tech writers so it can be perfected and tweaked. I am having a hard time understanding where to start from scratch as this is not my area of expertise.
-
The most simple place to start is with just system documentation. How things are setup, what OS, what hypervisor, what specs and explain why 1vCPU and 1GB ram is the standard practice for VM creation (it doesn't waste resources) and it's easy to increase, but difficult to decrease.
-
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
-
@irj said in Training for policies, procedures, and standards:
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
You still start with the system documentation, how things are setup, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.
-
Reasoning behind why it wasn't setup in some other fashion.
-
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
You still start with the system documentation, how things are setup, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.
It isn't setup yet. I need to create this documentation first. I am looking at best practices which give me some great ideas for implementation. However, I will need to create my own variations. I will need to have everything in place before getting the support I need and FTEs from upper management.
-
@irj said in Training for policies, procedures, and standards:
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
You still start with the system documentation, how things are setup, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.
It isn't setup yet. I need to create this documentation first. I am looking at best practices which give me some great ideas for implementation. However, I will need to create my own variations. I will need to have everything in place before getting the support I need and FTEs from upper management.
But as you set it up, you document it. This isnt a chicken or egg scenario. . .
-
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
You still start with the system documentation, how things are setup, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.
It isn't setup yet. I need to create this documentation first. I am looking at best practices which give me some great ideas for implementation. However, I will need to create my own variations. I will need to have everything in place before getting the support I need and FTEs from upper management.
But as you set it up, you document it. This isnt a chicken or egg scenario. . .
Not in this case since NIST clearly defines what the program needs to be. We need to be in compliance and in an enterprise the only way these things carry any weight is having a policy signed by C level.
-
@irj said in Training for policies, procedures, and standards:
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
You still start with the system documentation, how things are setup, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.
It isn't setup yet. I need to create this documentation first. I am looking at best practices which give me some great ideas for implementation. However, I will need to create my own variations. I will need to have everything in place before getting the support I need and FTEs from upper management.
But as you set it up, you document it. This isnt a chicken or egg scenario. . .
Not in this case since NIST clearly defines what the program needs to be. We need to be in compliance and in an enterprise the only way these things carry any weight is having a policy signed by C level.
Then the only PPS you can create is to pull information out of your ass, if you can't see and work on a system how can you possibly draft documentation on it?
I guess you should just rip a copy of the owners manual for any solution you want to use, and have the C level sign off on that.
-
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
@dustinb3403 said in Training for policies, procedures, and standards:
@irj said in Training for policies, procedures, and standards:
I want to create these documents for something that is not implemented yet. So basically I am starting from scratch.
You still start with the system documentation, how things are setup, the reasoning for setting them up like that, known or foreseen issues with the configuration, limitations of the system, recovery procedures etc.
It isn't setup yet. I need to create this documentation first. I am looking at best practices which give me some great ideas for implementation. However, I will need to create my own variations. I will need to have everything in place before getting the support I need and FTEs from upper management.
But as you set it up, you document it. This isnt a chicken or egg scenario. . .
Not in this case since NIST clearly defines what the program needs to be. We need to be in compliance and in an enterprise the only way these things carry any weight is having a policy signed by C level.
Then the only PPS you can create is to pull information out of your ass, if you can't see and work on a system how can you possibly draft documentation on it?
I guess you should just rip a copy of the owners manual for any solution you want to use, and have the C level sign off on that.
When it comes to compliance plagiarism is encouraged. You want to be as spot on as possible. I have all the information needed in the form of guidelines. I need to format into policy and procedure.
My question was about learning how to format and create the documentation the correct way. I want it to look as professional as possible.
