Every information security and IT compliance professional knows, deep down, that documenting compliance efforts is critical to the ongoing viability of an IT compliance program. Why then, does this important task often slip off the radar and get added to those ubiquitous “we need to get to that someday” lists that litter the desktops of corporate America?

Documenting compliance efforts is more than a luxury. While we know that written descriptions of security controls are important to ensure continuity of compliance efforts in large organizations where responsibilities often shift from department to department or among individuals as they change positions, it’s equally important to remember that many regulations specifically require the formal documentation of security controls. Maintaining this documentation is one of the most often overlooked IT compliance activities. In this tip, we examine ways that you can improve the documentation of your compliance controls, develop a sustainable program to maintain documentation and understand some of the specific documentation requirements that you may need to follow.

Read more: Documentation is Critical to Compliance Efforts
Originally published on SearchSecurity.com, September 2013