Document control (draft)
This procedure defines how ISMS documents are created, reviewed, updated, and retired so they remain accurate, findable, and auditable.
| Owner | Information Security Officer |
| Contact | infra@lef.tec.br |
| Version | 0.1 |
| Last updated | 2025-12-24 |
| Review cadence | On major process changes |
1. Scope
Section titled “1. Scope”Applies to ISMS documentation stored in this repository under src/content/docs/.
2. Roles (draft)
Section titled “2. Roles (draft)”- Document owner: accountable for accuracy and review cadence.
- Reviewer/approver: validates changes before publication.
3. Lifecycle
Section titled “3. Lifecycle”3.1 Create
Section titled “3.1 Create”- Use a clear
title:and (optional)description:. - Keep scope and intent explicit (policy vs procedure vs reference).
- Prefer linking to canonical pages over duplicating facts (“one fact, one place”).
3.2 Review and approve
Section titled “3.2 Review and approve”- Changes are proposed via PR and reviewed before merge.
- Review should confirm: scope, clarity, link hygiene, and that no secrets are included.
3.3 Publish and communicate
Section titled “3.3 Publish and communicate”Publication happens when the PR is merged.
3.4 Update
Section titled “3.4 Update”- Update
VersionandLast updatedwhen requirements change. - For significant changes, summarize the change in the PR description.
3.5 Retire
Section titled “3.5 Retire”- If a document is no longer valid, remove it or mark it obsolete and point to the replacement.
4. Naming and structure rules (site-specific)
Section titled “4. Naming and structure rules (site-specific)”- Filenames use
kebab-case.mdx. - Use MDX comments
{/* ... */}(not HTML comments). - Prefer stable paths; if a page must move, ensure inbound links are updated.
5. Records / evidence
Section titled “5. Records / evidence”- Git history (PRs + commits) is the primary record of changes and approvals.
- Automated checks (lint) provide link hygiene and structural compliance.