Maintaining ownership of your documents, procedures and policies

I'm going to ask this question here as it more relevant to job positions than anything else.

I'd like to know how other people manage their own documents, procedures and policies. These are things that you have created on your own as part of a company's objective. I've been working in the same industry since I started in IT and have worked in 4-5 different companies in a capacity where I had to create various documents, from procedures, policies, project plans and other programs.

I could have reused a lot of these documents from my past jobs to my current job or even futurw jobs if I had kept some of those documents but never it, now I'm again in a position where i need to recreate similiar documents. How do you deal with this? How can you retain and use documents you create in prior positions to new positions without getting in trouble? Is it even possible or not worth it and better to start from scratch?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

blatini

I don't usually worry about this unless it is scripting, but I would just dropbox/google docs them.

t93cobra

The work you perform while on the job is almost always owned by the company you work for at that time. It may seem cumbersome to "redo" those policies but I find it's in the best interest to do so anyway as you can tailor the policies more easily for your new employer.

TheFORCE

t93cobra wrote: »

The work you perform while on the job is almost always owned by the company you work for at that time. It may seem cumbersome to "redo" those policies but I find it's in the best interest to do so anyway as you can tailor the policies more easily for your new employer.

Yes I understand that, but if I have a set of templates for various things then it's much easier to adapt those templates to the new organization. Not everything will fit but the majority of the work wont have to be redone. I will have to start creating something, i see other people do it so why not.

OctalDump

I think it's worthwhile keeping these. You'd want to check company policy and history of enforcement before proceeding. You would probably end up modifying any document fairly significantly based on the needs of the current organisation and what you've learnt along the way, so it's not like you are just copying and inserting the new organisation name.

If you can't keep the documents themselves, then keeping the research eg all those websites, best practice guides and templates etc is a good idea.

Another option is to encourage your employer to publish their documents publicly

UncleB

If you keep the documents offline (ie there is no chance of the former employer seeing them) and strip out logos and company specifics then how will they ever know.

I developed a wide range of documentation templates over the last few decades (I'm big into implementing best practice and ISO standards in my roles) and keep the templates online but keep offline copies of all the completed ones I have worked on or have worked with (naughty I know), but it means I get to compare and contrast a wide range of implementations and constantly improve what I produce, as well as letting each new employer get an ever better product.

While it is technically a bad thing, there is no risk to the former owners of the documentation (one thing I always do is implement a secure password repository and make them change the password to it every time an admin leaves) and the files are stored on encrypted disks in a hidden volume so there is no risk of them being found. If you can live with the moral dilemma of it, there is a lot of mileage in it for you.

TheFORCE

Yeah thats what I am thinking. Been doing this for a few years now and always left my documents behind,thats my knowledge and my experience that i contributed to the organization. Of course not everything will fit but it's not like I chance industries every time i change jobs, same industry same issues, same obligations, so why not give the org a document that has evolved. Thats the reason we get hired anyway, to improve things because of our past experience.

636-555-3226

I reuse, but I've never worked at a company with strong governance practices or, honestly, with anybody who really cares about where the documents come from or how i got them. most of my documents are pieces of papers we show the auditors once a year to show them we have something in writing and otherwise nobody cares about them.

in my infosec land i actually prefer for people to share this kind of stuff - why reinvent the wheel if someone in a similar situation has already handled it and can share? i'm more than happy to share whatever i've written for my current & past companies if you're in need of any infosec policies or standards. i'll redact the company names, but otherwise they're yours for the taking. also a LOT of colleges/universities publish their documents online, why not use them as a starting point if nothing else for your own?