Maintain Comprehensive Network Documentation
Ensure that network documentation is regularly created, updated, and kept available to support network management.
Plain language
Network documentation involves keeping a clear and updated record of your organisation's network setup. This is important because it helps your IT team manage and troubleshoot the network efficiently, ensuring your business runs smoothly and securely. Without it, you risk outages and security issues that can disrupt your operations and potentially expose sensitive information.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networkingSection
Network design and configurationTopic
Network DocumentationOfficial control statement
Network documentation is developed, implemented and maintained.
Why it matters
Outdated or missing network documentation delays fault isolation, increases misconfiguration risk and can enable unauthorised access or data exposure during changes and outages.
Operational notes
Maintain current network diagrams, IP ranges, VLANs, routing and config baselines; update immediately after changes and reconcile documentation against device configs regularly.
Implementation tips
- System owners should appoint a dedicated person or team to oversee network documentation. They should regularly update records to reflect any changes, like new devices or software installed on the network. This ensures the documentation remains accurate and useful for ongoing management.
- The IT team should create a detailed map of the network. This includes identifying all devices connected, such as computers, routers, and switches, and noting how they are connected. Use diagrams or software tools that can easily be updated to reflect changes.
- Managers should schedule regular reviews of the network documentation. Every few months, arrange a meeting with the IT team to go over the documents and verify that they are up-to-date. This helps catch any discrepancies before they become issues.
- Procurement should coordinate with the IT team to ensure that any new purchases, like hardware or software, are documented immediately. This means noting the device specifications, location on the network, and purpose. This way, new elements are integrated smoothly into the existing network structure.
- The office manager should maintain a centralised location, like a secure online folder or binder, where all network documentation is stored. This ensures it is easily accessible to those who need it, providing a reliable reference point in case of network issues.
Audit / evidence tips
- AskThe current network diagram: Request a copy of the diagram outlining all network connections and devices GoodThe diagram is detailed, up-to-date within the last three months, and accessible to the IT team
- AskTo view the network device inventory list: Request the document listing all devices connected to the network, along with their details GoodThe inventory is complete, regularly updated, and matches the network diagram
- AskRecords of network documentation review meetings: Request past meeting notes or agendas focusing on network documentation GoodMeeting records showing reviews were conducted at least quarterly with clear action items noted
- AskExamples of documentation updates: Request recent updates or change logs to the network documentation GoodChange logs show clear documentation updates corresponding with network modifications, with dates and reasons
- AskTo access the centralised documentation storage system: Request access to the secure repository where network documents are stored and managed GoodThe storage is secure, easily navigable, and access is restricted to authorised personnel
Cross-framework mappings
How ISM-0518 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (4) expand_less | ||
| Annex A 8.6 | ISM-0518 requires comprehensive network documentation to support network management activities | |
| Annex A 8.9 | ISM-0518 requires organisations to keep network documentation current and available | |
| Annex A 8.20 | ISM-0518 requires organisations to develop, implement and maintain network documentation to support effective network management | |
| Annex A 8.32 | ISM-0518 requires network documentation to be developed and maintained so the organisation can understand and manage the network | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.