Ensuring that new and enhanced systems are adequately documented. All too often, due to budget and other resource limitations, documentation can be limited or even totally ignored. The Information Security threats become substantial - especially where changes and amendments are required, possibly at short notice for regulatory or other reasons.

• When a sudden problem occurs on the system, a lack of adequate documentation can greatly increase the risk of serious mishap. 'Fixes' may be based upon staff experience and not supported by the original developer's documentation.

• If your organisation is operating its major systems without comprehensive and up-to-date documentation, you should seriously consider initiating a project to remedy this.

• Missing, out-dated or incomplete documentation can severely compromise the organisation's ability to maintain its software and systems.

• All Systems Development work should be documented, i.e. as System Requirements; System Specification; System Design; System Functions etc.
• Ensure that copies of all documentation, whether paper or electronic, are saved and placed into safe storage at the remote store.

• Without documentation it still remains possible to perform a peer review of the source code, but its effectiveness is reduced and can allow errors and omissions to slip through, into Systems Testing and perhaps beyond, into User Acceptance Testing.

• Always produce appropriate documentation as an integral part of the development process, not as an 'optional extra'.