External Documents in the I.T. (Information Technology) Field

[Sardokar]

Hello

I work in an IT company that provides solutions ( storage,security...) to customers

At the moment what we control as external documents are the following :

- Supplier requirements to achieve /maintain partnership level
- ISO standard

Should we also add :

- equipment manuals (for servers)
- legal requirements
- Training manuals ( to teach employees how to configure equipment for example)

Or are the first 2 enough ?

kindly,could some people in the I.T. field give me examples of External documents controled by their companies?

Thanks

[AndyN]

Since the term 'I.T' is very wide and all encompassing, it's going to be difficult for anyone to give you anything but very general answers, which may not be much use. We may miss some vital documents, because we don't know what IT services your org. provides...

Tell us what the 'scope' of your services includes.

[Sardokar]

Our Scope is basically :

- Providing solutions (software /hardware ) allowing storage/backup/networking/Security/Virtualization/disaster recovery ...

- Developing customized software solutions or implementing already created software solutions ( premade software programs developed internally)

- Providing training courses (Microsoft,oracle ...etc) to customers

- IT security Auditing and consulting

-EDIT : Also offering support on provided solutions (software/hardware)

All this by working with best of breed technology vendors and having highly qualified IT professionals employees

[yodon]

Specifics aside, what's the risk of NOT controlling them? Are they used by anyone? Might they ever be referenced in other controlled docs? If someone uses the wrong version or can't get access (to the correct version), what happens to your business?

Without knowing more, it would seem like the equipment manuals would, indeed, be important to control as they probably define some key aspects about the system (e.g., you may need to reference them if doing validation on software residing on the server). The training materials also (presuming you use those) as you'd want to ensure folks are trained correctly. Legal docs, probably not (but do the risk assessment to be sure!).

[Jennifer Kirley]

With the rate in which technology advances and the legal risk of getting security wrong, I would certainly consider revision control on OEM manuals and industry specs such as DOE M 470.4-4A. Which ones depends on who your customers are, and which ones give the best information.

[vanputten]

There is no one right answer. What should be controlled depends on what your business system needs to be effective. The answer is based on the application of the principles of the control of documents to attain effectiveness.

[JJ777]

Quote:

In Reply to Parent Post by Sardokar

Hello

I work in an IT company that provides solutions ( storage,security...) to customers

At the moment what we control as external documents are the following :

- Supplier requirements to achieve /maintain partnership level
- ISO standard

Should we also add :

- equipment manuals (for servers)
- legal requirements
- Training manuals ( to teach employees how to configure equipment for example)

Or are the first 2 enough ?

kindly,could some people in the I.T. field give me examples of External documents controled by their companies?

Thanks

In my opinion the legal requirements should be with suppliers/partnership documents.
As for your server manuals and training manuals they are listed in 7.5.1.b it is for your process owner to decide if they want to reference them.

[JaneB]

Quote:

In Reply to Parent Post by Sardokar

Hello

I work in an IT company that provides solutions ( storage,security...) to customers

At the moment what we control as external documents are the following :

- Supplier requirements to achieve /maintain partnership level
- ISO standard

Should we also add :

- equipment manuals (for servers)
- legal requirements
- Training manuals ( to teach employees how to configure equipment for example)

Or are the first 2 enough ?

kindly,could some people in the I.T. field give me examples of External documents controled by their companies?

Thanks

Excellent advice from Yodon and others.

Quote:

In Reply to Parent Post by yodon

Specifics aside, what's the risk of NOT controlling them? Are they used by anyone? Might they ever be referenced in other controlled docs? If someone uses the wrong version or can't get access (to the correct version), what happens to your business?

Without knowing more, it would seem like the equipment manuals would, indeed, be important to control as they probably define some key aspects about the system (e.g., you may need to reference them if doing validation on software residing on the server). The training materials also (presuming you use those) as you'd want to ensure folks are trained correctly. Legal docs, probably not (but do the risk assessment to be sure!).

Think hard on the principles of why one controls documents and the risks of not controlling documents such as the ones you instance.

I think it's probably a yes to those you list (and probably others you haven't) but I'm not on the spot and don't have enough information to say definitively.

Examples of things I've had controlled in an IT environment was manuals (hardware & software), SLAs (Service Level Agreements) with other providers
etc.