Network Documentation Policy
This network documentation policy is an internal IT policy and defines the requirements for network documentation. It defines the level of network documentation required, such as documentation of which switch ports connect to which rooms and computers. It defines who will have access to read network documentation and who will have access to change it. It also defines who will be notified when changes are made to the network.
This policy is designed to provide for network stability by ensuring that network documentation is complete and current. This policy should complement disaster management and recovery by ensuring that documentation is available in the event that systems should need to be rebuilt. This policy will help reduce troubleshooting time by ensuring that appropriate personnel are notified when changes are made to the network.
The network structure and configuration shall be documented, and the documentation shall provide the following information:
- IP addresses of all devices on the network with static IP addresses.
- Server documentation on all servers as outlined in the "Server Documentation" document.
- Network drawings showing:
  - The locations and IP addresses of all hubs, switches, routers, and firewalls on the network.
  - The various security zones on the network and devices that control access between them.
  - The locations of every network drop and the associated switch and port on the switch supplying that connection.
  - The interrelationship between all network devices showing lines running between the network devices.
  - All subnets on the network and their relationships including the range of IP addresses on all subnets and netmask information.
  - All wide area network (WAN) or metropolitan area network (MAN) information including network devices connecting them and IP addresses of connecting devices.
- Configuration information on all network devices including:
  - Configuration shall include but not be limited to:
    - IP address
    - Default gateway
    - DNS server IP addresses for primary and secondary DNS servers.
    - Any relevant WINS server information.
- Network connection information including:
  - Type of connection to the internet or other WAN/MAN including T1, T3, frame relay.
  - Provider of internet/WAN/MAN connection and contact information for sales and support.
  - Configuration information including netmask, network ID, and gateway.
  - Physical location of where the cabling enters the building and circuit number.
- DHCP server settings showing:
  - Range of IP addresses assigned by all DHCP servers on all subnets.
  - Subnet mask, default gateway, DNS server settings, WINS server settings assigned by all DHCP servers on all subnets.
  - Lease duration time.
The IT networking and some enterprise security staff shall have full access to all network documentation. The IT networking staff shall have the ability to read and modify network documentation. Designated enterprise security staff shall have access to read and change network documentation, but those not designated with change access cannot change it. Help desk staff shall have read access to network documentation.
5.0 Change Notification
The help desk staff, server administration staff, application developer staff, and IT management shall be notified when network changes are made, including:
- Reboot of a network device including switches, routers, and firewalls.
- Changes of rules or configuration of a network device including switches, routers, and firewalls.
- Upgrades to any software on any network device.
- Additions of any software on any network device.
- Changes to any servers which perform significant network functions whether configuration or upgrade changes are made. These servers include:
  - Domain controllers
Notification shall be through email to designated groups of people.
6.0 Documentation Review
The network or IT manager shall ensure that network documentation is kept current by performing a monthly review of documentation or designating a staff member to perform a review. The remedy or help desk requests within the last month should be reviewed to help determine whether any network changes were made. Also, any current or completed projects affecting network settings should be reviewed to determine whether any network changes were made to support the project.
7.0 Storage Locations
Network documentation shall be kept either in written form or electronic form in a minimum of two places. It should be kept in two facilities at least two miles apart so that if one facility is destroyed, information from the other facility may be used to help construct the IT infrastructure. Information in both facilities should be updated monthly at the time of the documentation review.