This is an automated archive.

The original was posted on /r/cybersecurity by /u/Victor2Delta on 2023-08-07 18:50:29+00:00.

Hello there,

Anyone encountered this before? I feel like I am being kind of pedantic but my main task within our SOC is to maintain, update, organize documents overall among other ad hoc tasks. Something I picked up on was everything is an “SOP”.

I will give an example, we have a database “SOP” but no where in this “SOP” does it have steps to do anything. It is all high level overview and strategy of how it works, very broadly speaking. In fact its not even really for SOC but we are asked to help review it and keep a updated copy for audit.

In my mind this is simply a document for information.

I noticed in our 2nd line documents, that I do not maintain just reference, are broken up very clearly into policy,standards, baselines and procedures. Might be some others not remembering.

I’d like to have more distinction on what is an actual SOP with steps that achieves an actual outcome versus here is a document with information that sometimes has no practical value to SOC analyst.