Information

Documentation of information objects within business processes – focusing on classification, data protection, and responsibilities.

  2 minute read  

Introduction to the “Information” Segment

The Information segment under the Business section of Docusnap365 enables structured documentation of business-relevant information objects. Unlike physical or technical components (such as servers or interfaces), the focus here is on the content level of the information – for example, what data is exchanged via an interface, where it is stored, and how its protection needs are assessed.

This segment provides transparency around sensitive or business-critical information — regardless of its specific storage location or transmission method.

Typical Information Objects

Examples of content documented in the “Information” segment:

  • Customer data transmitted to a CRM system via an interface
  • Contract documents, billing data, or log files
  • Configuration details, protocol files, or supplier information
  • Information objects from APIs or databases shared with other systems

Structure of the Information Description

Each information object is described using a standardized structure:

General Information

  • Name and Type
    Unique designation and categorization (e.g., “Customer Data,” “Billing Data,” “Logs”).

  • Description
    Free-text field to describe the content.

  • Organization & Location
    Assigned organizational unit and optional storage location.

  • Responsible Person
    The person accountable for the content, maintenance, or protection of the information.

Information Security

  • Classification Level
    Categorization according to internal classification policy (e.g., Internal, Confidential, Secret).

  • Authorized Personnel
    Who is permitted to read or process this information?

  • Protection Needs (according to BSI / IT Baseline Protection)
    Assessment of the following aspects:

    • Confidentiality
    • Integrity
    • Availability

Data Protection

  • Type of Data
    Does it involve personal data?

  • Retention Period
    Storage period according to legal or corporate guidelines.

Backup Configuration

  • Backup Enabled
    Yes/No.

  • Backup Interval and Method
    Frequency and procedure (e.g., daily, weekly, snapshot, tape, etc.).

  • Storage Location
    Technical or organizational storage location of this information object’s backups.

Objectives of the Documentation

  • Transparency & Governance
    Clarity on what information exists in the company and how it is handled.

  • Compliance & Data Protection Support
    Structured documentation of legally relevant data (e.g., GDPR).

  • Risk & Security Assessment
    Systematic evaluation of each information’s protection needs — as the basis for technical and organizational measures.

  • Responsibility Clarification
    Assignment of responsibility for the content, quality, and security of each information object.