The Dashboard document repository provides a single, permanent location to view all documentation uploaded in support of compliance.
Navigate to the Document Repository using the folder icon in the main navigation on the left.
When documentation is viewed in the repository, it is saved under one of two main categories 1) Policy and 2) Other.
Policy documents are limited to the predefined policies required for compliance. These include:
- Information Security Policy
- IT Business Continuity – Backup Recovery Policy
- POAM – Plan of Action and Milestones
- Incident Reporting and Data Breach Response Policy
- Acceptable Use Policy
- Information Security Program
- HR Personnel Security Management Policy
- Technical Controls Policy
- Security Operations Policy
Other documents include any files uploaded as documentation associated with compliance activities. For example: a screen shot of a report that shows the security status of a given system – which I uploaded when I was addressing a specific control.
Most documents will be uploaded from inside the tool and associated with the control they address. However, some documents, like Policy documents or other organizational information may not be associated with any individual controls. These documents can be uploaded from the Document Repository page. Further, any document uploaded to the repository can be associated with any individual control at any time.
Deleting Files from the Repository
Documents can not be deleted from the Repository in the current version of the tool. This feature is, however, coming soon.