Document Management
Overview
The Document Management module is a foundational component of the Information Security Essentials product, providing a centralized repository for all security-related documentation. This module enables organizations to store, organize, and maintain the various documents that support their information security program, including policies, procedures, guidelines, and evidence.
Effective document management is critical for maintaining an organized security program, demonstrating compliance, and ensuring that stakeholders have access to current, accurate information. This module integrates with other components of the Information Security Essentials product, providing document storage and retrieval capabilities for policies, controls, and evidence.
Key Features
Document Repository
Centralized Storage - Store all security documentation in one secure location
Document Types - Support for various document formats (PDF, Word, Excel, images, etc.)
Folder Structure - Organize documents in a logical hierarchy
Metadata - Add descriptive information to facilitate document discovery
Search Capabilities - Quickly find documents using advanced search options
Version Control
Version History - Track changes to documents over time
Change Tracking - Record who made changes and when
Version Comparison - View differences between document versions
Rollback - Restore previous versions when needed
Audit Trail - Maintain a complete history of document modifications
Access Control
Permission Management - Define who can view, edit, and approve documents
Role-Based Access - Assign permissions based on user roles
Document Classification - Categorize documents by sensitivity level
Sharing Controls - Securely share documents with specific users or groups
External Access - Optionally provide controlled access to external stakeholders
Document Lifecycle Management
Status Tracking - Monitor document status (Draft, Review, Approved, etc.)
Review Workflows - Define and enforce document review processes
Expiration Management - Set and track document expiration dates
Archiving - Preserve historical documents while maintaining access to current versions
Retention Policies - Implement document retention requirements
Integration Capabilities
Policy Management - Store and manage policy documents
Control Documentation - Maintain control implementation guides and procedures
Evidence Repository - Organize evidence of control implementation
Cross-References - Link related documents for easy navigation
External Systems - Import and export documents to other platforms
Getting Started
Accessing the Document Management Module
Log in to your AskInfosec account
Navigate to the main dashboard
Select "Documents" from the main navigation menu
You will be directed to the Document Management dashboard
Document Management Dashboard
The Document Management dashboard provides an overview of your organization's security documentation, including:
Recent Documents - Recently added or modified documents
Document Categories - Organized view of documents by type
Quick Search - Easily find specific documents
Pending Reviews - Documents awaiting review or approval
Expiring Documents - Documents approaching expiration dates
Managing Documents
Uploading Documents
To add a new document to the repository:
From the Document Management dashboard, click the "Upload" button
Select the file(s) to upload from your computer
The system supports various file formats, including:
PDF (.pdf)
Microsoft Office documents (.docx, .xlsx, .pptx)
Text files (.txt, .md)
Images (.png, .jpg, .gif)
Compressed archives (.zip) for multiple related files
Enter document metadata:
Title
Description
Document Type
Category
Tags
Classification Level
Expiration Date (if applicable)
Select the appropriate folder location
Click "Upload" to add the document to the repository
Creating Documents
To create a new document directly in the system:
From the Document Management dashboard, click "Create Document"
Select the document type (Policy, Procedure, Form, etc.)
Enter the document title and metadata
Use the built-in editor to create the document content
Save the document as a draft or submit it for review
Organizing Documents
To maintain an organized document repository:
Create a logical folder structure based on:
Document type (policies, procedures, evidence, etc.)
Security domain (access control, incident response, etc.)
Compliance framework (ISO 27001, NIST, etc.)
Use consistent naming conventions for files and folders
Apply relevant metadata to facilitate search and filtering
Regularly review and clean up the repository structure
Searching for Documents
To find specific documents:
Use the search bar at the top of the Document Management dashboard
Enter keywords, document titles, or content text
Use advanced search options to filter by:
Document type
Category
Tags
Date range
Author
Status
Sort search results by relevance, date, or title
Save frequently used searches for quick access
Document Version Control
Creating Document Versions
The system automatically manages document versions:
When you edit an existing document, the system creates a new version
Each version is assigned a sequential number
The latest version is displayed by default
Previous versions remain accessible for reference
Viewing Version History
To see a document's version history:
Open the document details page
Click the "Version History" tab
View a list of all versions with:
Version number
Date modified
Modified by
Change comments
Comparing Versions
To see what changed between versions:
From the Version History tab, select two versions to compare
Click "Compare"
The system highlights additions, deletions, and modifications
Review the changes to understand what was updated
Restoring Previous Versions
To revert to an earlier version:
From the Version History tab, locate the desired version
Click "Restore This Version"
Add a comment explaining why you're restoring the version
Confirm the restoration
The system creates a new version based on the restored content
Document Access Control
Setting Document Permissions
To control who can access a document:
Open the document details page
Click the "Permissions" tab
Set the default access level:
Public (all users in your organization)
Restricted (specific users or groups)
Confidential (only document owners and approvers)
Add specific users or groups and define their permissions:
View Only
Edit
Approve
Manage Permissions
Save the permission settings
Document Classification
To classify documents by sensitivity:
When creating or editing a document, select the appropriate classification:
Public
Internal
Confidential
Restricted
The system applies default access controls based on classification
Visual indicators show the document's classification level
Users receive appropriate warnings when accessing sensitive documents
Sharing Documents
To share documents with specific users:
Open the document details page
Click "Share"
Enter the email addresses of recipients
Set permission level for each recipient
Add an optional message
Click "Share" to send notifications to recipients
Document Lifecycle Management
Document Status Workflow
Documents typically follow this lifecycle:
Draft - Initial creation and editing
Review - Subject matter expert evaluation
Approval - Final sign-off by authorized approvers
Published - Active and available to intended audience
Archived - No longer active but preserved for reference
Managing Document Reviews
To initiate and track document reviews:
Open the document details page
Click "Request Review"
Select reviewers from your organization
Set a review deadline
Add review instructions
Click "Send Request" to notify reviewers
Track review status on the document details page
Reviewers can add comments and suggest changes
Once all reviews are complete, the document can move to approval
Document Approval Process
To obtain formal approval for a document:
After the review stage is complete, click "Request Approval"
Select approvers based on document type and content
Set an approval deadline
Approvers receive notifications to review and approve the document
Approvers can approve, reject, or request changes
Once all approvals are received, the document status changes to "Approved"
The approved document can then be published for wider access
Document Expiration and Review Cycles
To manage document currency:
Set an expiration date or review cycle when creating a document
The system tracks these dates and sends notifications when review is due
Document owners can:
Review and confirm the document is still current
Update the document with new information
Extend the expiration date
Archive the document if no longer needed
The system maintains a record of all reviews, even when no changes are made
Archiving Documents
When a document is no longer active:
Open the document details page
Click "Archive Document"
Provide a reason for archiving
Select whether to:
Keep the document accessible (read-only)
Restrict access to specific users
Move to long-term storage
The document is marked as archived and moved from active document lists
Archived documents remain searchable for authorized users
Integration with Other Modules
Policy Document Management
The Document Management module supports the Policy Document Management process by:
Storing policy documents in a structured repository
Maintaining version history of policy changes
Supporting policy review and approval workflows
Providing access controls for policy distribution
Enabling policy search and discovery
Control Management
For the Control Management module, Document Management provides:
Storage for control implementation guides
Organization of control assessment procedures
Management of control evidence documents
Version control for control documentation
Access controls for sensitive control information
Evidence Management
The Document Management module supports evidence collection by:
Providing a secure repository for evidence files
Maintaining evidence integrity through version control
Organizing evidence by control, policy, or compliance requirement
Supporting evidence review workflows
Enabling evidence search and retrieval during audits
Reporting and Analytics
Document Inventory Reports
Generate reports on your document repository:
Navigate to the Reports section
Select "Document Inventory Report"
Choose filtering and grouping options
Generate the report
Export to PDF, Excel, or CSV format
Document Status Reports
Track document lifecycle status:
Navigate to the Reports section
Select "Document Status Report"
Filter by status, type, or date range
Generate the report
Identify documents requiring attention
Review and Expiration Reports
Monitor upcoming document reviews:
Navigate to the Reports section
Select "Document Review Report"
View documents due for review in the selected timeframe
Generate notifications for document owners
Track review completion status
Best Practices
Document Organization
Establish a clear structure - Create a logical hierarchy of folders
Use consistent naming - Develop and follow standard naming conventions
Apply comprehensive metadata - Include relevant tags and categories
Limit folder depth - Avoid deeply nested folders that make navigation difficult
Create document templates - Ensure consistency across similar documents
Version Control
Document changes - Always include comments explaining what changed and why
Use meaningful version numbers - Consider major/minor versioning for significant changes
Limit draft versions - Consolidate changes before creating new versions
Perform regular reviews - Periodically verify that the current version is still accurate
Archive obsolete versions - Maintain a clean repository while preserving history
Access Management
Follow least privilege - Grant only the access levels users need
Review permissions regularly - Audit access rights to prevent permission creep
Use groups for permissions - Assign permissions to groups rather than individuals
Classify appropriately - Don't over-classify documents, which limits useful sharing
Train users on handling - Ensure users understand how to handle documents based on classification
Document Quality
Maintain consistency - Use standard formats and terminology
Include metadata - Add comprehensive information about the document
Verify accuracy - Ensure content is correct and up-to-date
Check for completeness - Include all necessary information
Ensure readability - Use clear language and appropriate formatting
Troubleshooting
Common Issues
Upload failures - Check file size and format compatibility
Permission problems - Verify user roles and document access settings
Search difficulties - Ensure proper metadata and indexing
Version conflicts - Resolve competing changes to the same document
Workflow bottlenecks - Address delays in review and approval processes
Getting Support
If you encounter issues with the Document Management module:
Check the in-app help documentation
Contact your organization's system administrator
Submit a support ticket through the AskInfosec support portal
Conclusion
Effective document management is essential for maintaining an organized, accessible information security program. The Document Management module provides the tools and structure needed to store, organize, and maintain all your security documentation.
By following the processes outlined in this guide, you can establish a robust document repository that supports your security policies, controls, and compliance efforts while ensuring that stakeholders have access to current, accurate information when they need it.
Last updated