I
I
IllumiDesk
Search…
I
I
IllumiDesk
IllumiDesk Team Handbook
People Group
Introduction
General Employment
Employment Status & Recordkeeping
Working Conditions & Hours
Employee Benefits
Employee Conduct
Timekeeping & Payroll
Security and Compliance
Security Controls
BC.1.01 - Business Continuity Plan
BC.1.0.2 - Business Continuity Plan: Roles and Responsibilities
BC.1.03 - Continuity Testing
BC.1.04 - Business Impact Analysis
CFG.1.01 - Baseline Configuration Standard
CFG.1.03 - Configuration Checks
CM.1.01 - Change Management Workflow
CM.1.02 - Change Approval
CM.1.03 - Change Management Issue Tracker
CM.1.04 - Emergency Changes
DM.1.01 - Data Classification Criteria
DM.2.01 - Terms of Service
DM.4.01 - Encryption of Data in Transit
DM.7.03 - Data Retention and Disposal Policy
IAM.1.01 - Logical Access Provisioning
IAM.1.02 - Logical Access De-Provisioning
IAM.1.04 - Logical Access Review
IAM.1.05 - Transfers: Access De-Provisioning
IAM.1.06 - Shared Logical Accounts
IAM.1.08 - New Access Provisioning
IAM.2.01 - Unique Identifiers
IAM.2.02 - Password Authentication
IAM.2.03 - Multi-factor Authentication
IAM.3.02 - Source Code Security
IAM.4.01 - Remote Connections
IAM.6.01 - Key Repository Access
IR.1.01 - Incident Response Plan
IR.1.03 - Incident response
IR.1.04 - Insurance Policy
IR.2.02 - Incident Reporting
NO.1.01 - Network Policy Enforcement Points
PR.1.01 - Background Checks
RM.1.01 - Risk Assessment
RM.1.02 - Continuous Monitoring
RM.1.04 - Service Risk Rating Assignment
RM.1.05 - Risk Management Policy
RM.3.01 - Remediation Tracking
SDM.1.01 - System Documentation
SG.1.01 - Policy and Standard Review
SG.2.01 - Information Security Program Content
SG.5.03 - Security Roles and Responsibilities
SG.5.06 - Board of Director Bylaws
SG.5.07 - Board of Directors Security Program Content
SLC.1.01 - Service Lifecycle Workflow
SLC.2.01 - Source Code Management
SYS.1.01 - Audit Logging
SYS.2.01 - Security Monitoring Alert Criteria
SYS.2.07 - System Security Monitoring
TPM.1.01 - Third Party Assurance Review
TPM.1.02 - Vendor Risk Management
TRN.1.01 - General Security Awareness Training
TRN.1.02 - Code of Conduct Training
VUL.1.01 - Vulnerability Scans
VUL.1.03 - Approved Scanning Vendor
VUL.2.01 - Application & Infrastructure Penetration Testing
VUL.3.01 - Infrastructure Patch Management
VUL.3.02 - End of Life Software
VUL.4.01 - Enterprise Protection
VUL.5.01 - Code Security Check
VUL.6.01 - External Information Security Inquiries
VPAT Version 2.3
Powered By GitBook
SDM.1.01 - System Documentation

Control Statement

IllumiDesk documents and publishes information about system boundaries and system components. Documentation is available and communicated to internal and external system users through the Employee Handbook.

Context

This control formalizes the idea that we need to keep track of our production systems and maintain quality documentation for easy reference. Most of this control is naturally met by the emphasis we have on documentation, here at IllumiDesk . The remainder of this control is meant to ensure we are publishing any institutional knowledge about how systems interact and that we consider high-level system views as well as individual components. Testing of this control is to see if IllumiDesk has comprehensive document information about our systems and system components. We easily meet this requirement given the nature of our handbook and IllumiDesk's transparency.

Scope

This control applies to all IllumiDesk production systems.

Ownership

    Control owner: Compliance team
    Process owner: N/A - All IllumiDesk Team Members contribute to the handbook and constantly maintain documentation of IllumiDesk systems and system components.

Guidance

The most common form of system documentation is network and data flow diagrams.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the System Documentation control issue.

Policy Reference

    Design & architecture
    Monitoring/Performance
    Engineering
    Production/Test/Development
    Back-up/recovery
    Security
    Compliance

Framework Mapping

    SOC2 CC
      CC2.3
Previous
RM.3.01 - Remediation Tracking
Next
SG.1.01 - Policy and Standard Review
Last modified 1yr ago
Copy link
Contents
Control Statement
Context
Scope
Ownership
Guidance
Additional control information and project tracking
Policy Reference
Framework Mapping