Reference Material Fields
Reference Material records are intentionally lightweight — a reference identifier, a description, and a link to where the material lives.
1. Business Reference
- What it’s for: The document reference number, code, or identifier for this material — the label used to cite it formally.
- What to include:
- Use the standard’s official number or the organisation’s internal reference code.
- This field enables cross-referencing: when another document cites “ISO 27001” or “POL-SEC-001”, this is the field that matches.
- Leave blank if the material has no formal reference — the Name field serves as the identifier in that case.
- Examples:
- ISO 27001:2022
- POL-DATA-003
- SOX Section 404
- Schedule 3 — Service Level Agreement
- FCA COBS 4.2
2. Description
- What it’s for: A brief explanation of what this reference material covers and why it is relevant to the solution.
- What to include:
- Summarise the scope of the document and what area of the solution it applies to.
- Note whether the solution must comply with it, should align to it, or simply references it as context.
- Keep it brief — one or two sentences is usually sufficient.
- Example:
"The Information Security Management standard that defines the requirements for establishing, implementing, and maintaining an information security management system (ISMS). The solution must demonstrate compliance with its controls during the security assessment."
3. Link to Reference Material
- What it’s for: A direct URL to the reference material.
- What to include:
- Link to the specific document, page, or section wherever possible — not just a home page or document library root.
- For internal documents: a direct link to the file in SharePoint, Confluence, or the relevant document management system.
- For external standards: a link to the standard’s official page or the organisation’s licensed copy.
- If the document requires access permissions, still include the link — recipients who need access can request it.