If you asked most UK business owners to describe their network infrastructure in detail, the vast majority would struggle. They might know they have a server somewhere, a router in a cupboard, and "something to do with the cloud," but the specifics — IP address ranges, VLAN configurations, firewall rules, switch port assignments, wireless access point placements — would be a mystery. This is not a criticism of business owners; it is a reflection of how IT infrastructure tends to grow organically, often without proper documentation.
Network documentation is the comprehensive, accurate, and up-to-date record of every component, configuration, and connection in your IT infrastructure. It is the blueprint of your digital estate. Without it, your business is vulnerable to prolonged outages, costly troubleshooting, compliance failures, and the catastrophic risk of a single person — often a former employee — being the only one who knows how everything fits together.
This guide explains why network documentation matters, what it should include, how to create it from scratch, and how to keep it current as your business grows and changes.
The Real-World Consequences of Poor Documentation
The importance of network documentation becomes painfully clear when something goes wrong. Consider a scenario we encounter regularly with new clients: a business loses internet connectivity on a Monday morning. Without documentation, the IT engineer responding to the emergency must first discover what equipment exists, where it is located, how it is connected, and what the configuration should look like. This detective work can add hours to what should be a straightforward fix.
We once onboarded a client in Leeds whose entire office lost connectivity for two full days because their previous IT support had no record of the firewall configuration. The firewall had failed, a replacement was sourced quickly, but without documentation of the rules, NAT translations, VPN configurations, and port forwarding, the replacement could not be configured correctly. Every rule had to be reverse-engineered from the broken device — a painstaking process that cost the business an estimated £18,000 in lost productivity.
Another common scenario involves staff changes. When the sole IT person leaves a business — particularly if they leave on poor terms — they take all their knowledge with them. If that knowledge was never documented, the business is left with a network they own but do not understand. Recovering from this situation is expensive, time-consuming, and entirely preventable.
The "bus factor" is the minimum number of people who would need to be hit by a bus before a project or system becomes unmanageable. For many UK SMEs, the bus factor for their IT infrastructure is exactly one — a single IT person, whether internal or external, who holds all the knowledge. Proper documentation raises this bus factor dramatically, ensuring that any competent engineer can understand and manage your systems.
What Good Network Documentation Includes
Comprehensive network documentation covers every layer of your IT infrastructure, from the physical hardware to the logical configuration. Here is what a complete documentation set should contain.
Physical Network Diagram
A physical network diagram shows every device on your network and how they are physically connected. This includes routers, switches, firewalls, wireless access points, servers, NAS devices, UPS units, and patch panels. Each device should be labelled with its make, model, serial number, location, and the ports in use. Cabling should be documented, showing which cable connects which devices and which patch panel ports correspond to which wall outlets.
Logical Network Diagram
The logical diagram shows how your network is organised at the software level. This includes IP address ranges (subnets), VLANs, routing configurations, DNS settings, and DHCP scopes. For businesses with multiple sites, the logical diagram should show how sites are interconnected — whether via MPLS, SD-WAN, site-to-site VPN, or other technologies.
IP Address Management (IPAM)
A complete record of every IP address in use on your network, including which device or service it is assigned to, whether it is static or dynamic, and which subnet it belongs to. This prevents IP conflicts, simplifies troubleshooting, and makes it easy to add new devices to the network.
| Documentation Element | Purpose | Update Frequency | Risk If Missing |
|---|---|---|---|
| Physical network diagram | Shows device locations and cabling | After every hardware change | Slow troubleshooting, lost devices |
| Logical network diagram | Shows IP schemes, VLANs, routing | After every config change | Misconfiguration, security gaps |
| IP address register | Tracks all assigned addresses | After every new device or service | IP conflicts, connectivity failures |
| Firewall rule documentation | Records all rules and their purpose | After every rule change | Security vulnerabilities, access issues |
| Credential and access register | Stores admin credentials securely | After every password change | Lockout from critical systems |
| Vendor and contract register | Tracks licences, warranties, SLAs | At renewal or purchase | Expired licences, lapsed warranties |
Firewall and Security Configuration
Every firewall rule should be documented with its purpose, source, destination, ports, and the date it was created. Over time, firewalls accumulate rules that were added for specific, temporary purposes but never removed. Without documentation, no one knows which rules are still needed and which are legacy. This creates security risks and makes troubleshooting connectivity issues extremely difficult.
Server and Service Documentation
Each server — whether physical or virtual, on-premises or cloud-hosted — should be documented with its role, operating system, installed applications, resource allocation, backup schedule, and dependencies. Service documentation should map which applications depend on which servers, so that the impact of any failure or maintenance window can be assessed quickly.
Wireless Network Documentation
For businesses with Wi-Fi, documentation should include access point locations, SSIDs, security settings, channel configurations, and coverage maps. This information is essential for troubleshooting wireless connectivity issues and planning capacity as your business grows or your office layout changes.
Undocumented Network
- Unknown device locations and connections
- IP conflicts when adding new devices
- Firewall rules nobody understands
- Single person holds all knowledge
- Hours to diagnose simple outages
- Failed compliance audits
- Difficult to onboard new IT staff or MSP
Documented Network
- Every device catalogued with location and config
- IP address register prevents conflicts
- Firewall rules have clear purpose notes
- Any competent engineer can manage systems
- Minutes to diagnose common issues
- Compliance evidence readily available
- Smooth handover to new support providers
How to Create Network Documentation From Scratch
If your business currently has no documentation — or documentation so outdated it might as well not exist — the prospect of creating it from scratch can feel overwhelming. The key is to approach it systematically, starting with the most critical elements and building from there.
Phase 1: Discovery and Inventory
Begin with a physical walkthrough of your office, identifying every piece of network equipment. Open every network cabinet, trace every cable, and record what you find. Use network scanning tools to discover devices on your network that you might not be aware of — it is common to find forgotten switches, personal routers, and unauthorised devices during this process.
Phase 2: Configuration Capture
Once you know what devices exist, capture their configurations. Export firewall rules, record switch port assignments, note VLAN configurations, and document DHCP and DNS settings. For cloud services, record which subscriptions are active, which domains are registered, and which DNS records point where.
Phase 3: Diagram Creation
Using the information gathered, create physical and logical network diagrams. Tools such as Microsoft Visio, Lucidchart, or the free draw.io are excellent for this purpose. The diagrams do not need to be works of art — they need to be accurate, readable, and maintainable.
Phase 4: Review and Validation
Have someone other than the person who created the documentation review it. Can they understand the network from the documents alone? Are there gaps or ambiguities? This review step is crucial because documentation that only makes sense to its author is of limited value.
Keeping Documentation Current
The hardest part of network documentation is not creating it — it is keeping it up to date. Documentation that was accurate six months ago but has not been updated since is actively dangerous, because it gives a false sense of security. Engineers may make decisions based on outdated information, leading to misconfigurations or outages.
The solution is to embed documentation updates into your change management process. Every time a change is made to the network — a new device added, a firewall rule created, a VLAN reconfigured — the documentation must be updated as part of the change. This should be a formal requirement, not an optional afterthought.
Many managed service providers use documentation platforms such as IT Glue, Hudu, or SharePoint-based systems that integrate with their remote monitoring and management tools. These platforms can automatically detect changes to network configurations and flag documentation that may need updating, reducing the manual effort required.
Documentation and Compliance
For UK businesses subject to regulatory requirements, network documentation is not merely a best practice — it is often a legal obligation. The UK GDPR requires organisations to implement "appropriate technical and organisational measures" to protect personal data. Demonstrating that you have these measures in place requires documentation.
The ICO expects businesses to be able to describe their security architecture, demonstrate access controls, and show evidence of regular reviews. If you suffer a data breach and cannot produce documentation showing what security measures were in place, the ICO may take a significantly harsher view than if you can demonstrate a well-documented and well-managed infrastructure.
Cyber Essentials certification, increasingly required for UK Government supply chain contracts, requires businesses to document their network boundaries, firewall configurations, and access controls. Without pre-existing documentation, achieving certification becomes a much larger and more expensive exercise.
Need Help Documenting Your Network?
Cloudswitched provides comprehensive network documentation services for businesses across the United Kingdom. From initial discovery audits to ongoing documentation management, we ensure your IT infrastructure is fully documented, compliant, and resilient. Contact us to arrange a documentation review.
GET IN TOUCH
CloudSwitched
Centrally located in London, Shoreditch, we offer a range of IT services and solutions to small/medium sized companies.