Documentation Services

What is IT documentation?

IT documentation is a written record of all the configuration settings on the components of a network. These components include servers, applications, routers, switches, databases, and more. Documentation is needed because these components are extraordinarily complex, configurable, and always changing. Technical staff is often responsible for large numbers of servers and devices, each with a complex collection of settings. IT documentation can provide a central repository of all the relevant information for these settings, their impact, and their values or options.

What are the general benefits of documentation? A thorough understanding of your existing systems will significantly improve your planning and management of the IT infrastructure. This process starts with detailed documentation. This has not always been a priority because it requires time and resources. Most organizations rarely (if ever) document IT infrastructures because, until now, system documentation could only be done manually. By the time a system was entirely documented, the process had to begin all over again to stay current.

Good IT documentation enables you to:

  • Detect security vulnerabilities
  • Simplify server consolidation and network servers
  • Understand dependencies between parts of the network
  • Optimize network and system configuration
  • Standardize configuration settings across all networks and systems
  • Accelerate problem resolution and troubleshooting
  • Migrate to new platforms: knowing that baseline and subsequent changes are critical
  • Manage and preserve system knowledge despite IT staff changes
  • Speed up Disaster Recovery
  • Educate new staff and consultants on the organization’s IT infrastructure
  • Create a standardized “workbook” for outside consultants

Documentation helps streamline migration to new information management application and new platforms like Windows 2000 and Exchange 2000. These products depend on a well-designed network infrastructure. Studying the existing environment prior to migration helps to plan how you want to reconfigure it to make it more efficient.

What are the cost-benefits of IT documentation?

One of the highest costs of Information Systems is the IT staff. Trying to deal with the tasks associated with the initial and continual documentation of network servers can keep IT staff from completing higher priority projects. Software that automatically documents current network server configurations in minutes in natural-language reports can be less than 10% of the cost of hiring an IT professional to do the same and requires virtually no time / attention from your current staff.

The quality, utility, and consistency of the information collected are critical for disaster recovery, IT audits, IT staff training, and certification or accreditation agencies.

Downtime is minimized because current, consistent, and accurate documentation is available for reference. IT systems should be available at all times to provide real-time availability of patient health information to those authorized to access it.

Due to the increasing demand for a decreasing supply of trained IT professionals, staff turnover can be high. Therefore, an efficient method of knowledge retention and transfer is crucial. The right documentation becomes the basis for training new staff with up-to-date information.

Why are server configuration settings important?

In terms of security, servers are the last line of defense. Servers are managed through their settings, so documenting them provides a record of how the server is configured, a check for inconsistencies and potential security vulnerabilities, and a useful troubleshooting tool. IT server configurations change regularly. Since it is key that all servers are configured to meet corporate compliance plans and policies, IT documentation of server configurations should be a fundamental component of any compliant plan to ensure consistent, documented compliance.

How are network and server configurations documented?

Although manual documentation is acceptable, it is time consuming, seldom current, often inaccurate, and a misuse of valuable staff resources. Until now, if network servers were documented at all, it was an expensive and tedious task. Documenting network servers can also be a record-keeping nightmare. The basic steps, in order of occurrence are:

  1. Find all the servers on the network.
  2. Find the servers’ owners and physical locations (this can take days or weeks depending on the size of the organization).
  3. Get access to the servers, assuming the owners are cooperative.
  4. Locate, record, and examine configuration settings (this requires knowledge of where settings are stored, access to the data/interfaces, and time to open the applications and files required).
  5. Interpret the data and settings gathered. Much or all of the information is in “raw-data” format, requiring definition, organization, and explanation to be comprehensible.
  6. Produce a report with varying levels of detail appropriate for various audiences, IT staff, IT auditors, accreditation organizations, and compliance auditors.
  7. Return to step 1 and repeat the process continually.

Now, the above steps can be accomplished in less time with Integrating Technology ’s automated documentation tools that build consistent, current, and comprehensive natural-language reports for you. These easily attainable and readable reports of network and server configurations provide valuable knowledge of the IT system. This knowledge is crucial for the optimal use of IT staff and IT budgets.

What is the difference between back-up tapes and back-up documentation for the network servers?

Backup tapes typically record raw data, not core configuration settings. The tapes are usually stored offline or offsite and the data is retrieved in the event of a problem or corruption. IT server configurations aren’t necessarily “backed-up” unless there is a software program on the system specifically designed for this. Most programs only provide server configuration data in partial or raw-data format and the files require a high-level IT professional to decipher and then reconfigure the servers. If you were not the one who originally installed and configured the servers, you might have quite a time restoring the servers without readily available, readable documentation.

Backing up network servers provides information on server configuration settings before a disaster occurs. It is important to bring the servers to a state of known configuration settings that worked within the IT security network environment prior to a disaster event. For example, one server might have many different applications that require very specific server configurations on one machine, i.e., Windows NT/2000 and Exchange. Reconfiguring a system from memory or multiple incomplete or generic sources is a fast track to a living nightmare.

How does documentation help with risk analysis & risk management?

Risk analysis is the process through which cost-effective security/control measures are selected by assessing the costs of these control measures against the losses that would be incurred if the measures were not in place. Risk analysis is a required implementation feature of the security management process. During the analysis, it is important to identify any security risks, assess the probability of an occurrence of a security risk, and analyze the potential adverse impact is if a security breach occurs. Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level, and maintaining that level of risk.

What is the difference between a security audit and an IT audit?

A security audit is mechanisms to guard data integrity, confidentiality, and availability. The Security Matrix is comprised of four categories: administrative procedures, physical safeguards, technical security services, and technical security mechanisms. Security audits include both the physical and the informational components of security. Administrative procedures are informational policies such as documenting the IT infrastructure surrounding the data of a healthcare organization: servers, databases, workstations, routers and/or any points of network access.

IT audits encompass some of the physical security audits and all of the information audits. The IT department must have documentation of where hardware components physically exist: the shelf, the room, the floor, the building, the location, the city, and the country. IT audit trail documentation must provide a snapshot of who has access privileges to which servers and if any changes were made to the servers from one point in time to another. They must also document everyone who has physical access to those components at those locations.

The IT department must also audit all of their components from a technology perspective. Configuration settings affect how the components of the network interact with each other from both inside and outside the network. The IT audit provides knowledge that is key to how an organization’s network is functioning, to the security of the patient information stored there, and to the survival of the business.

We Simplify Information Technology

Whether you are a CEO, or IT manager, the demands on the IT environments you support are considerable and complex. Preparing for an IT audit, for example, is a time-consuming and tedious process. Our Documentation services can ensure you have the latest information at hand at all times. This information can be used to create an audit trail to meet mandated requirements, prepare for a security audit, or provide thorough documentation for a system audit. We invite you to experience for yourself the benefits of documentation.

Benefits of system documentation

  • Create baseline system & security documentation for IT auditors.
  • Preserve your IT knowledge base speed up disaster recovery.
  • Train new staff efficiently.
  • Simplify server consolidation & network mergers.
  • Baseline & document platform migrations at each milestone.
  • Take ownership of new systems easily coordinate multi-site projects seamlessly.

Server Hardware

  • BIOS date
  • NIC(s)
  • Number of CPUs
  • Type of CPU
  • Physical disks and partitions
  • Amount of RAM (approx.)

Windows Settings

  • Version
  • Service pack
  • Server type
  • Server licensing mode
  • Trust relationships
  • If domain controller, replication of NT domain information
  • Installed applications
  • Installed services and their status (running, not running, paused)
  • Virtual memory settings
  • Improved service settings (startup type and account used when starting)
  • Event log settings
  • Installation date of the OS

Domain Users and Global Groups

  • Number of Users in the domain.
  • Number of Groups in the domain.
  • General account status about all members of the domain.
  • Specific account status about all members in Domain Admins Group and the Domain Guests Group.
  • Number of members of the Admin and guest groups.

Local Users and Groups

  • Number of users in the local machine.
  • Number of Groups in the local machine.
  • Specific account status about all members of the Administrators Group and the Guests Group.
  • General account status about all local members.
  • Check on whether or not the Admin Account on the PDC and local machine has been renamed or otherwise secured.
  • Check on whether or not the “Guest” account has been renamed or otherwise secured

Password Settings

  • Minimum password length
  • Maximum password age
  • Log-on hour restrictions settings
  • Password history count

TCP/IP Settings

  • IP address (DHCP or Static)
  • DHCP server’s IP address
  • Hostname
  • DNS domain name
  • DNS server
  • IP forwarding

WINS Server Settings

  • Name and location of WINS database file
  • Name and location of WINS log file
  • Name registration, verification, and scavenging intervals