IT checklist for design documentation

This checklist is for solution designs in enterprise IT when adopting software/ services/ infrastructure from third parties such as Microsoft, Amazon, Dell, etc.


  • Functional requirements with reference to section in the design that delivers the requirement
  • Non-functional requirements with reference to section in the design that delivers the requirement
  • Must have/ Nice to have/ Should have


  • Diagram illustrating components and relationships

Bill of materials

  • List of hardware (physical/ virtual, sizing specifications)
  • List of software
  • List of licences


  • Error logs
  • Service monitoring
  • Synthetic transactions
  • Alerting


  • Availability % with/without maintenance windows


  • Day 1 capacity
  • Maximum capacity
  • Scaling considerations (what do you need to buy/ configure/ connect)


  • Bandwidth, latency, packet loss
  • Firewall source/ destinations/ ports
  • Forward proxy needs (proxy port utilisation/ SSL inspection limits)
  • Reverse proxy needs
  • DNS records (public/ private)
  • Load Balancing
  • VLAN
  • 802.1x port security
  • IP addresses
  • Certificates for Https (pubic cert or private cert)

Physical considerations

Lifecycle management

  • Mainstream and extended support timeframes
  • Patching regularity and patching process/ tools
  • Version upgrade cadence


  • Data sensitivity classification
  • Access restrictions (which devices and from where)
  • Authentication (MFA, special accounts with restrictions)
  • Credential management
  • Encryption at rest
  • Encryption in transit
  • Logging
  • Security boundary definition
  • Firewall requirement (client side/ network)

Disaster Recovery

  • Recovery Time Objective (RTO)
  • Recovery Point Objective (RPO)
  • Geographic distance required
  • Vendor dependence required
  • DR process (automated or semi-automated)
  • DR scope (all or some functions/ features)

Backup and restore

  • Backup frequency and type (full or incremental)
  • Backup retention
  • Offsite backups
  • Backup protection from distraction
  • Frequency of backup testing (restore)
  • Restore granularity (all or nothing, or granular options)


  • Licensing driver
  • Renewal timeframes
  • Agreement dependencies

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s