ISO/IEC 27001 Control 5.37: Documented operating procedures

Operating procedures for information processing facilities should be documented and made available to personnel who need them.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

MidPoint has built-in documentation capabilities that assist in documenting operation procedures and responsibilities.

MidPoint identity model provides capability to set business-oriented description for any object. This is especially useful for applications, application and business roles and other objects related to operational procedures. The description may be used to specify details about business and operational usage of the object. Moreover, midPoint integral documentation (midScribe) allows attaching configuration documentation to midPoint objects, assisting in system administration procedures. Support and escalation contacts in operational procedures may be specified using group or organizational membership, using midPoint organizational structure. This avoids a need to update operational procedures every time a person is reassigned. Roles and responsibilities regarding identity governance procedures can be specified using role governance mechanisms, e.g. using concept of role owner in operational procedures instead of using concrete person names.