Documentation Standards

Organizations should establish appropriate documentation standards. Documentation consists of detailed descriptions and explanations of technology applications, systems, and procedures. Documentation enhances a user's ability to use, review, or modify the applications, systems, and procedures. Management should maintain documentation for all technology resources, including nontechnical policy and procedural guidance, and technical information such as hardware and software configurations, and system and application source codes. The quality and quantity of the documentation should be commensurate with the characteristics and risks of the associated resource. For example, high risk applications should be more formally documented than applications that are considered low risk by the organization.

Development and acquisition project documentation should include project requests, feasibility studies, project plans, testing plans, etc. System documentation, which focuses on system analysis and design, should include system concept narratives, data flow charts, and database specifications. Application documentation should include application descriptions, programming flowcharts, and operations and user instructions.


Previous Section
Testing Standards
Next Section
Project Management Tools