3.0 Networking Operations
3.2 Organizational Documents and Policies
Plans and Procedures
Change Management - Details how often changes can be made, for how long, the process to implement change, and fall back procedures if things don’t go well.
Incident Response Plan - Documented procedures and responses to different incidents. Should include disaster recovery plans for many different types of disasters.
Business Continuity Plan - A plan to continue business functions during disaster/during transition to recovery. May require non-technical solutions, and should be tested to ensure reliability.
System Life Cycle - Resource procurement and decommissioning process. Data destruction/preservation plan. Disposal process.
Standard Operating Procedures (SOP) - Process for when a device fails or goes down. Contact info for facilities issues. Keep online and offline; manual for what to do and who to contact for normal issues.
Hardening and Security Policies
Password Policy - Password requirements to ensure password strength
Acceptable Use Policy - Documentation for acceptable uses and what is a misuse of an organization’s technology.
Bring Your Own Device (BYOD) Policy - Requirements for using personal devices on an org’s network often including MDM (mobile devices mgmt) policy to track and control data/data loss.
Remote Access Policy - Security requirements that should be followed before accessing an org’s network remotely. Can be applied to remote employees or 3rd party vendors.
On-boarding and Off-boarding Policy - Process details for bringing a new person on to a team, to ensure they get all required resources, and to ensure resource removal when they leave the team.
Security Policy - Documented details of process and procedures related to IT security.
Data Loss Policy (DLP) - Designed to look for sensitive data and block it from transferring across the network.
Common Documentation
Physical Network Diagram - Physical map of how data travels the network through various devices.
Floor Plan - Physical layout over a map of the location, includes wiring, access points, port labels, wireless coverage.
Rack Diagram - Documentation for where network devices are in a rack and how their wires are connected.
Intermediate/Main Distribution Frame (IDF/MDF) Documentation - Termination of wiring for internal and external connections, good testing location, mdf will be with the data center and idf will be a middle point between mdf and endpoints.
Logical Network Diagram - Logical abstraction of a network map, high-level overview for data flows.
Wiring Diagram - ANSI/TIA 606 wire labeling standard, best practices, port labeling, and documentation of cabling.
Site Survey Report - Determine existing wireless setup, identify APs, existing external frequencies, plan for recurring site surveys to document changes over time, heat maps to show wireless coverage.
Audit and Assessment Report - Validate existing policies are being followed, can be internal or external, sometimes a legal requirement.
Baseline Configurations - Track and record past performance to compare against current performance to see changes and trends.
Common Agreements
Non-Disclosure Agreement (NDA) - A signed agreement between parties to keep information confidential; usually comes with penalties for breaking the agreement. Used to protect business activities, trade secrets, etc. Sometimes unilateral (only one party must keep the secret).
Service-Level Agreement (SLA) - Documents the minimum requirements agreed to for services such as uptime and response time. Documents expectations between multiple parties; usually formal and signed.
Memorandum of Understanding (MOU) - Letter of intent for services, might include confidential info not to be shared, but not usually a formally signed document.