
01. Company Structure & Workforce Documentation

This document outlines the structure, content, and organizational approach for the "Company Structure & Workforce" category. It is designed to provide a clear, auditable, and scalable foundation for compliance, security, and operational maturity. The structure aligns with leading frameworks (SOC2, ISO 27001, NIST) and best practices for knowledge management.

Overview

The "Company Structure & Workforce" category captures the essential elements of your organization's legal, operational, and human resource structure. This documentation is foundational for governance, risk management, compliance, and effective security operations.

Legal Entity Structure

  • Purpose: Document the company's legal entities, subsidiaries, and registration details.
  • Contents:
    • Certificates of incorporation
    • Entity registration documents
    • Ownership structure diagrams
    • Board of directors lists
    • Ethical Management Survey (Template)

Employee Census

  • Purpose: Maintain an up-to-date record of all employees.
  • Contents:
    • Employee roster (names, roles, departments)
    • Employment status (active, on leave, terminated)
    • Start/end dates
    • Demographic summaries (if required for compliance)

Contractor Identification

  • Purpose: Identify and track all contractors and temporary staff.
  • Contents:
    • Contractor agreements
    • Assignment details (roles, duration, access levels)
    • Contact information
    • Onboarding/offboarding records

MSPs Inventory

  • Purpose: List all Managed Service Providers (MSPs) and outsourced workforce.
  • Contents:
    • MSP contracts and scopes of work
    • Points of contact
    • Security and compliance attestations

Organizational Chart

  • Purpose: Visualize reporting lines and organizational hierarchy.
  • Contents:
    • Org charts (PDF, Visio, or online diagrams)
    • Departmental breakdowns
    • Key leadership roles

Business Units & Functions

  • Purpose: Define business units, departments, and their functions.
  • Contents:
    • Department descriptions
    • Functional responsibilities
    • Cross-functional team documentation

Geographical Presence

  • Purpose: Map the company’s physical and operational footprint.
  • Contents:
    • Office locations (addresses, points of contact)
    • Regional legal entities
    • Maps and site diagrams

Best Practices for Documentation

  • Version Control: Use clear versioning for all documents.
  • Access Management: Restrict sensitive folders (e.g., Employee Census) to HR and authorized personnel.
  • Artifacts & Evidence: Store relevant artifacts (e.g., org charts, registration certificates) in dedicated subfolders for audits or compliance checks.
  • Templates: Maintain templates for recurring documents (e.g., census spreadsheets, org chart formats) in a central "Templates" folder.
  • Research & Guidance: Include a "Research" subfolder for ongoing studies or industry benchmarks, if applicable.

Compliance Mapping

This category supports foundational requirements in major frameworks:
  • SOC2: CC1.2, CC1.3, CC1.4, CC9.1
  • ISO 27001: A.6, A.7, A.15
  • NIST: ID.AM-6
Maintaining this documentation ensures readiness for audits and supports downstream security and compliance processes.