Complex System of Information Security (CSIS) comprises a set of organizational and technical measures aimed to ensure the protection of information circulating in the system from disclosure, leakage, and unauthorized access (c).
If your company is implementing the CSIS, it’s in for reinforced credibility and boosted sales. And you as a Technical Communicator are in for a bumpy ride. 😊
Let’s take a look at a grueling journey of meticulously described processes, roadmaps, and guidelines that need to accompany every stage of the System development.
Road to CSIS
For the system to acquire the status of the CSIS, there is actually a long way to go. From the stage of the system design to the final launch, software development life cycle (SDLC) needs to be organized under domestic and international standards, such as ISO, IEC, and other reference documents, stipulating the requirements for the System technical specifications, security policy, as well as documentation. Standards compliance is mandatory and is dictated by the official body responsible for the system review and issue of the Сertificate of Сompliance.
The role of the Technical Communicator during this process is to implement the whole pack of accurate standards-compliant documentation. To achieve this, Technical Communicator may need to dip into the roles of a Standards Analyst, Technical Writer, and even Information Security expert! Sounds challenging, huh? 😉 Let’s see how it actually works.
The methodology of implementing the CSIS follows a classic cycle of developing any information system, possibly with slight modifications.
- At the initial stage of the CSIS development, the system is undergoing gap analysis in terms of information security.
- Right after the all-embracing audit aimed at unveiling the system weak points, requirements for the CSIS are stipulated in the form of a standards-compliant technical specification.
- At this stage, a complex of information security measures, both technical and organizational, is implemented. The CSIS model is created.
- The CSIS model undergoes the expert review by the official body, and the company obtains the Certificate of Compliance which proves that the information circulating in the System is effectively protected by both technical and organizational measures.
- During the final stage, the CSIS is deployed and the undertaken security policy becomes an indispensable part of the Information System.
The role of documentation for the CSIS is beyond average: it’s an integral part of the Complex System, and even more—a prerequisite for its existence.
The ultimate company goal—obtaining the Certificate of Compliance—is only possible when the system is accompanied by a set of deliverables comprising:
- Comprehensive technical specifications
- Accurate user documentation
- The description of security testing methodology and scenarios
As an expert in information gathering and organizing, the Technical Communicator can contribute by:
- Analyzing the standards requirements to documentation and creating standards-compliant templates
- Developing a technical specification detailing the System security policy
- Creating user guides: the installation guide, administrator guides (system and security administrator inclusive), end-user guides, and so much more…
So, are you already in?
Promoting the system status to a CSIS and thus attracting new customers seeking extra security is hard work of the whole dedicated team. But it’s extremely important that the team recognize the powerful impact of documentation already on the initial stages of the CSIS implementation. So, if you are getting enthusiastic but yet not sure where to start, standards and other reference documents will get you off the ground and guide you throughout the whole CSIS DDLC. Remember that from now on, standards compliance has to become the part of your content strategy—comprehensive, rigorous, and demanding—but for sure rewarding .😊