Naming Conventions Worksheet

Establishing clear naming conventions ensures your ISMS documents are organized, identifiable, and easy to manage.

Why Naming Conventions Matter

Benefits:

• Instant document identification
• Logical organization and searchability
• Professional appearance
• Clear audit trail
• Reduced confusion
• Scalability as ISMS grows

Without conventions: "Final_policy_v2_FINAL_USE_THIS.docx" With conventions: "ISMS-POL-001_InfoSec_Policy_v2.0.pdf"

Part 1: Document ID Structure

Define Your ID Format

Recommended Structure: [PREFIX]-[TYPE]-[NUMBER]

Example: ISMS-POL-001

Your Organization:

• Prefix: _______ (e.g., ISMS, IS, COMP, or your company code)
• Separator: _______ (hyphen recommended)
• Type Code Length: _______ (3-4 characters)
• Number Format: _______ (001, 0001, or sequential)

Document Type Codes

Part 2: File Name Structure

Complete File Name Format

Recommended: [Document ID]_[Short Description]_v[Version].[Extension]

Example: ISMS-POL-001_InfoSec_Policy_v2.0.pdf

Your Format: _________________________________________________________________

Short Description Rules

• Use underscores or hyphens between words (not spaces)
• Maximum length: _____ characters
• Consistent capitalization
• Clear and concise
• Standard abbreviations: InfoSec = Information Security, Mgmt = Management, Proc = Procedure

Version Numbering

• Draft versions: v0.1, v0.2, v0.3
• Major version changes: v1.0 → v2.0 (significant content or structural changes)
• Minor version changes: v1.0 → v1.1 (clarifications, small corrections)

File Extension Standards

Part 3: Folder Structure

Primary Folder Organization

Your Chosen Approach: By Document Type / By ISO Clause / By Function / Hybrid

Example Structure:

ISMS/ ├── 01_Policies/ ├── 02_Procedures/ ├── 03_Work_Instructions/ ├── 04_Forms_and_Templates/ ├── 05_Plans_and_Programs/ ├── 06_Records/ └── 07_Archives/

Part 4: Special Cases

Records and Evidence Naming

Format: [Form ID][Subject][Date].[ext]

Example: ISMS-FORM-003_Staff_Training_2024-03-15.pdf

Date Formats

Recommended: YYYY-MM-DD (ISO 8601 - sorts correctly)

Example: March 15, 2024 = 2024-03-15

Archived/Obsolete Documents

Handling:

• Move to "Archives" folder with original name
• Add "OBSOLETE" prefix
• Rely on document system's archive function

Part 5: Implementation

Your Complete Naming Standard

Document ID Format: _________________________________________________________________

File Name Format: _________________________________________________________________

Example Policy: _________________________________________________________________

Example Procedure: _________________________________________________________________

Validation Checklist

When creating any new document:

• Document ID follows defined format
• ID is unique (checked against register)
• Short description is clear and concise
• No spaces in file name
• Version number included
• File extension correct for document type
• Saved in correct folder
• Document ID matches ID inside document
• Documented in Document Register

Common Mistakes to Avoid

• Using spaces in file names (use underscores/hyphens)
• Inconsistent capitalization
• Overly long descriptions
• Vague descriptions
• Special characters (! @ # $ % ^ & *)
• Version numbers not matching internal version
• Duplicate IDs

Part 6: Training and Review

Who Needs to Know:

• All staff: Basic awareness of how to identify documents
• Document creators: Detailed naming rules
• ISMS team: Full conventions and rationale
• New employees: Part of onboarding

Review Naming Conventions:

• Annually
• When issues identified
• When ISMS expands significantly
• After audits

This completes Module 4 - Resource Gathering!

Next Module: Module 5 - Control Implementation, where you'll build the walls of your fortress by implementing the 93 Annex A controls.