Work Instruction. for Change Management. Work Instruction Administrator John Doe Chief Corporeal Officer ACME

Similar documents
Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Terms of Reference - Board of Directors (approved by the Board on 12 April 2018)

Audit and Risk Management Committee Charter

TASSAL GROUP LIMITED ABN Procedures for the Oversight and Management of Material Business Risks. (Approved by the Board 28 May 2015)

AUDIT & RISK COMMITTEE CHARTER

TERMS OF REFERENCE FOR THE PROVISION OF OUTSOURCED INTERNAL AUDIT SERVICE

Powerlink - Corporate Entertainment & Hospitality - Policy

AUDIT, RISK MANAGEMENT AND COMPLIANCE COMMITTEE CHARTER

Health, Safety and Environment Committee Charter

The Committee is specifically charged with the following duties and responsibilities:

NCTJ Conflicts of Interest Policy and Procedures

Risk and Audit Committee charter

School Business Manager

AUDIT and ASSURANCE COMMITTEE TERMS OF REFERENCE

Risk Management Policy

PRIMERICA, INC. COMPENSATION COMMITTEE CHARTER Adopted on March 31, 2010 and revised as of August 15, 2018

Information concerning the constitution, goals and functions of the agency, including 1 :

Audit Committee Charter

Collection House Group. Purchased Debt Ledger Investment Committee Charter

Key issuing Procedure

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF DROPBOX, INC.

Policy Coversheet. Link Tutors: appointment and responsibilities

RISK MANAGEMENT POLICY AND PROCEDURE

Manual of Administrative Policies and Procedures

Employee Hardship Assistance Policy

HUMAN RESOURCES AND COMPENSATION COMMITTEE CHARTER

Board Committee Charters

Stakeholder Relations and Communications Policy

GHD Pty Ltd. Standard Operating Procedure - HSE SAFEguards HSE359

Are you ready for the FUTURE of your Quality Management system?

HOC Works Program Requirements

Sempra Energy Environmental, Health, Safety and Technology Committee Charter

Best Practice in Gift Agreements

Chapter 1. Introduction and Overview of Audit & Assurance

Visitor Safety Management Procedure

THE CLOROX COMPANY AUDIT COMMITTEE CHARTER. [Effective May 8, 2017]

HEIDRICK & STRUGGLES INTERNATIONAL, INC. Corporate Governance Guidelines

CORPORATE GOVERNANCE POLICY

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF PLURALSIGHT, INC. Adopted May 3, 2018

TERMS OF REFERENCE. Audit and Risk Committee (the "Committee") of Wilmcote Holdings Plc (the "Company")

ARIZONA FIRE DISTRICT ASSOCIATION FINANCIAL PROCEDURES POLICY

INT Evaluation of Interchange Transactions. A. Introduction

CHARTER OF RESERVES, HEALTH, SAFETY, ENVIRONMENT AND SOCIAL RESPONSIBILITY COMMITTEE 2018

PROJECT CHARTER PLAN VERSION: 1A (DRAFT) <DD-MM-YY> <SECTION NAME>

AUDIT COMMITTEE CHARTER

VIVINT SOLAR, INC. COMPENSATION COMMITTEE CHARTER. (Adopted as of May 9, 2014)

Audit Committee Charter

Estates Operations and Maintenance Practice Guidance Note PFI and Non NTW Sites Guidance V01. Planned Review December 2019.

TASSAL GROUP LIMITED ABN

EXECUTIVE SUMMARY INTERNAL AUDIT REPORT. IOM Kingston JM JULY 2017

Guidelines and Recommendations Guidelines on periodic information to be submitted to ESMA by Credit Rating Agencies

National Management Group

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF ON DECK CAPITAL, INC.

Audit, Risk & Compliance Committee Charter

AMENDMENTS TO NASDAQ RULES ON COMPENSATION COMMITTEES

Intellectual Property Policy

Audit & Risk Committee Charter

Research Data Request Form

Windham School District Procurement Policy for Federal Funds

Local Code Of Corporate Governance

Huntington Bancshares Incorporated

Guidelines for submission to the NSW Population and Health Services Research Ethics Committee. Version June 2015

NANOSTRING TECHNOLOGIES, INC. COMPENSATION COMMITTEE CHARTER. (Adopted as of October 16, 2012 and amended as of April 26, 2017)

Non-Regulated Activities. Application Guidelines

Standard INT Evaluation of Interchange Transactions

Conservation and Collections Care Policy

Procurement Update

WHOLESALE AND RETAIL SETA. Skills Development for Economic Growth. ETQA Assessor and Moderator Registration Policy

Critical Incident Policy

External auditor appointment and independence

CYBG PLC BOARD REMUNERATION COMMITTEE. Charter

Position Description: Contracts Administrator Reports to: Project Manager

International Standard on Auditing (Ireland) 265. Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

Understanding Self Managed Superannuation Funds

Trust Research & Innovation Standard Operating Procedure

Corporate Governance Principles

Agenda item Data Quality Group. Terms of Reference and Operating Arrangements

Policy and Procedures Date: April 23, Subject: Policy and Procedures for Establishment of New Schools at Virginia Tech

SNAKK MEDIA LIMITED FINANCIAL PRODUCTS TRADING POLICY AND GUIDELINES

Engineering IT Application Development Governance Workflow

Human Resources & Remuneration Committee Charter. Bank of Queensland

Producer Statements will be accepted only in accordance with this policy.

CODE OF CONDUCT AND ETHICS POLICY ON CONFLICTS OF INTEREST

AUDIT & RISK COMMITTEE (ARC)

JAUPT Appraisal Criteria Centre Application. November 2016

Policy on Requesting Reasonable Accommodations from the Zoning Code

EAC Bylaws Revisions and Election Procedures from the EAC Election Bylaws Committee 9/16/15

Assessment Validation and Moderation Policy and Procedure

EXECUTIVE SUMMARY INTERNAL AUDIT REPORT. IOM Mogadishu SO November 7 December 2018

Development Management Surveyor. Permanent, full time

RISK MANAGEMENT AND BUSINESS CONTINUANCE A FAIS Standard. An AC Guidance Note. July 2010

Objectives of the review. Context. February 2015

[AGENCY NAME] Mandate and Roles Document. (Pure Advisory Committees)

TWU OFFICE OF RESEARCH & SPONSORED PROGRAMS INSTRUCTIONS FOR USING THE TWU PROPOSAL APPROVAL ROUTING FORM

Order Execution Policy

University of Central Florida

Alberta Indigenous Community Energy Program Guidelines

HIPAA Privacy Rule LINKS AND RESOURCES AFFECTED ENTITIES IMPACT ON EMPLOYERS. Provided by Brown & Brown of Louisiana, LLC

The Company is a public company incorporated in Bermuda and its securities are listed on AIM.

Enforceable Undertakings Operational Policy

Transcription:

Wrk Instructin fr Change Management Wrk Instructin Administratr Jhn De Chief Crpreal Officer Wrk Instructin Authr Benjamin M.A. Rbsn Directr f Operatins IPSec Pty Ltd Date f Last Update 3/05/2011 12 Mrtuary Drive, Adelaide Cmmercial In Cnfidence 3/05/2011

OVERVIEW 3 PURPOSE 3 AFFECTED PARTIES 3 STAFF 3 CONTRACTORS 3 SUPPLIERS 3 PARTNERS 3 AFFECTED SYSTEMS 4 WORK INSTRUCTION STATEMENT 4 ROLES & RESPONSIBILITIES 8 ADMINISTRATOR 8 AUDITOR 8 TRAINER 9 ENFORCEMENT OFFICER 9 TRAINING 9 GENERAL STAFF 9 CONTRACTORS 10 SUPPLIERS 10 PARTNERS 10 CUSTOMERS OR CLIENTS 10 VISITORS 10 ASSET, ASSET GROUP, SYSTEMS & PROCESS ADMINISTRATORS AND OWNERS 10 WORK INSTRUCTION ADMINISTRATOR(S) 10 WORK INSTRUCTION AUDITOR(S) 10 WORK INSTRUCTION ENFORCEMENT OFFICER(S) 11 BREACHES 11 AUDIT & REVIEW 11 CHANGE CONTROL 12 VERSION NUMBERING 12 CHANGE MANAGEMENT 12 MAINTENANCE 12 DEFINITIONS 12 DOCUMENT LINKS 13 REFERENCES 14 DOCUMENT CONTROLS 14 CHANGE REQUEST 14 WORK INSTRUCTION APPROVAL 14 WORK INSTRUCTION AUDIT 14 Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Overview Effective change management ensures that a knwn and stable envirnment is nt altered withut a deliberate, apprved actin with suitable review and rll-back mechanisms t prevent material cst t the rganisatin. Unauthrised changes, r changes that have been prly planned, test, r implemented can lead t the intrductin f failures and vulnerabilities within the peratin f the rganisatin. has determined that t ensure the nging stable peratin f the rganisatin it is necessary t enfrce strict change management requirements. Purpse The purpse f this dcument is t prvide Affected Parties with a clear understanding f what is required f them when changing the peratinal status f any Asset, Asset Grup, System r Prcess. All changes are t be cntrlled accrding t the requirements f this dcument, including all changes t asset status, cnditin, cnfiguratin, lcatin, value, r use; Affected Parties The fllwing grups are subject t this wrk instructin and must adhere t its requirements: Staff All full-time, part-time and casual staff emplyed by are required, as a cnditin f emplyment, t agree t and t cmply with the requirements f this wrk instructin. Acceptance f this wrk instructin must be included as a cnditin f any emplyment agreement. Cntractrs All cntractrs and suppliers engaged by are required, as a cnditin f engagement, t agree t and t cmply with the requirements f this wrk instructin. Acceptance f this wrk instructin must be included as a cnditin f any cntract agreement with cmpliance achieved thrugh agreed terms and cnditins. Suppliers All suppliers f gds and/r services t are required, as a cnditin f trade, t be subject t this wrk instructin. Partners All partners f are required, as a cnditin f partnership, t agree t and t cmply with the requirements f this wrk instructin. Acceptance f this wrk instructin must be included as a cnditin f any partnership agreement with cmpliance achieved thrugh agreed terms and cnditins. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Affected Systems All systems and services that hld, manipulate, transfer r prcess Assets f are required t cmply with the requirements f this wrk instructin. Wrk Instructin Statement The fllwing requirements must be adhered t by all Affected Parties and all Affected Systems and Services: Changes t Assets, Asset Grups, Systems r Prcesses shall be managed accrding t the level f imprtance they have t the rganisatin, as defined by Infrmatin Security Wrk Instructin fr Imprtance Classificatin. Changes shall be managed accrding t the level f impact the change may have n affected Assets, Asset Grups, Systems and/r Prcesses, as defined by Infrmatin Security Wrk Instructin fr Impact Classificatin. The Change Authrity Bard (CAB) shall exist and perate within the fllwing requirements: Members f the CAB shall cnsist f fur (4) executive fficers, and ther members as required frm time t time. The fur executive fficer rles will be filled frm the fllwing rles: IT Infrastructure Manager IT Operatins Manager Technical Services Prgram Manager Technical Services Strategic Planning Manager A qurum shall be n fewer than tw CAB executive fficers and ne ther member. Change requests shall be apprved by the CAB by simple majrity. The CAB shall be chaired by a member f the CAB executive. Taking in t cnsideratin the Imprtance Classificatin f affected Assets, Asset Grups, Systems and Prcesses and the level f impact the change may have n thse Assets, Asset Grups, Systems r Prcesses, all changes will be classified as being ne f the fllwing and will adhere t the requirements stated herein: Level 1 Change Changes must be apprved by the rganisatin s Bard f Directrs prir t implementatin. T receive apprval the prpsed change must meet the fllwing criteria: Prpsed changes must be dcumented prir, describing: Purpse f the change Expected utcme f the change Methd f change verificatin Rll-back plan in the event f a change implementatin failure. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

It must nt change the imprtance classificatin f the Asset, Asset Grup, System r Prcess t the rganisatin. If the risk psed is t be changed the prpsed change must be apprved accrding t the bth the current and new risk level requirements. Changes must be verified as implemented accrding t the prvided prpsed change dcumentatin. If the change cannt be verified the implementer must execute the prvided rll-back plan. Upn cmpletin r rll-back f the change a reprt must be submitted t the Bard f Directrs detailing the results f the requested change. Level 2 Change Changes must be apprved by a majrity vte f members f the CAB and an Executive Officer f the rganisatin prir t implementatin. T receive apprval the prpsed change must meet the fllwing criteria: Prpsed changes must be dcumented prir, describing: Purpse f the change Expected utcme f the change Methd f change verificatin Rll-back plan in the event f a change implementatin failure. It must nt change the imprtance classificatin f the Asset, Asset Grup, System r Prcess t the rganisatin. If the risk psed is t be changed the prpsed change must be apprved accrding t the bth the current and new risk level requirements. Changes must be verified as implemented accrding t the prvided prpsed change dcumentatin. If the change cannt be verified the implementer must execute the prvided rle-back plan. Upn cmpletin r rll-back f the change a reprt must be submitted t the CAB and apprving Executive Officer detailing the results f the requested change. Level 3 Change Changes must be apprved by the CAB prir t implementatin. T receive apprval the prpsed change must meet the fllwing criteria: Prpsed changes must be dcumented prir, describing: Purpse f the change Expected utcme f the change Methd f change verificatin Rll-back plan in the event f a change implementatin failure. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

It must nt change the imprtance classificatin f the Asset, Asset Grup, System r Prcess t the rganisatin. If the risk psed is t be changed the prpsed change must be apprved accrding t the bth the current and new risk level requirements. Changes must be verified as implemented accrding t the prvided prpsed change dcumentatin. If the change cannt be verified the implementer must execute the prvided rle-back plan. Upn cmpletin r rll-back f the change a reprt must be submitted t the CAB detailing the results f the requested change. Level 4 Change Changes must be apprved by the Asset, Asset Grup, System r Prcess wner prir t implementatin. T receive apprval the prpsed change must meet the fllwing criteria: Prpsed changes must be dcumented prir, describing: Purpse f the change Expected utcme f the change Methd f change verificatin Rll-back plan in the event f a change implementatin failure. It must nt change the imprtance classificatin f the Asset, Asset Grup, System r Prcess t the rganisatin. If the risk psed is t be changed the prpsed change must be apprved accrding t the bth the current and new risk level requirements. Where the Asset, Asset Grup, System r Prcess wner is the change requestr, they cannt als act as the change apprver and must seek apprval frm their direct manager. Changes must be verified as implemented accrding t the prvided prpsed change dcumentatin. If the change cannt be verified the implementer must execute the prvided rle-back plan. Upn cmpletin r rll-back f the change a reprt must be submitted t the Asset, Asset Grup, System r Prcess wner detailing the results f the requested change. Changes deemed as having a classificatin f Nne are cnsidered t be incnsequential, and f such lw likelihd f impacting any aspect f peratins that they d nt require any specific change management rules. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Changes will be classified accrding t the fllwing table: Asset, Asset Grup, System r Prcess Imprtance Classificatin Critical High Mderate Lw Ptential Impact Critical Level 1 Level 2 Level 3 Level 4 High Level 1 Level 2 Level 3 Level 4 Mderate Level 2 Level 3 Level 4 Nne Lw Level 2 Level 3 Level 4 Nne Changes deemed t require emergency actining (i.e. changes t be actined mre quickly than nrmal cnditins permit) must adhere t the fllwing change management rules: Apprval fr an emergency change may be granted accrding t the apprval requirements ne change classificatin higher than the nrmal imprtance classificatin f the impacted Assets, Asset Grups, Systems r Prcesses. (e.g. A change t be requested under emergency cnditins that wuld nrmally be classified as a Level 2 change, may received emergency authrisatin accrding t Level 3 requirements). Changes that are apprved accrding t emergency change rules must be retrspectively apprved, after implementatin f the requested change, accrding t the nrmal rules fr the change classificatin. If retrspective apprval is granted the change can be finalised accrding t nrmal practices. If the retrspective apprval is denied the change must be undne accrding t the submitted rll-back plan. All Assets, Asset Grups, Systems and Prcesses classified as being f Mderate, High r Critical Imprtance t the rganisatin shall have their functinal and availability status mnitred accrding t the requirements defined in Infrmatin Security Wrk Instructin fr Mnitring. Adherence t the requirements f this wrk instructin shall be verified peridically accrding t the requirements defined in Infrmatin Security Wrk Instructin fr Auditing. This Wrk Instructin must cmply with Infrmatin Security Plicy. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Rles & Respnsibilities The fllwing rles exist t maintain this wrk instructin. Each rle must be fulfilled by ne, r mre, individual(s) with each individual assigned a rle delegated by the administratr f the wrk instructin. Administratr Name Jhn De Title Chief Crpreal Officer Cmpany Landline Phne 05 555 9876 Mbile Phne 0405 555 556 Email jhn@acme.inf The wrk instructin administratr is respnsible fr the day-t-day aspects f the wrk instructin. This includes respnsibility fr rulings n the wrk instructin fr issues and areas nt clearly cvered r defined by the wrk instructin. Administratrs are als respnsible fr ensuring that all aspects f the wrk instructin are being adhered t, that the wrk instructin reflects the needs f the rganisatin, and fr dcumenting any issues within the wrk instructin that shuld be raised during the audit and review prgram fr the wrk instructin. Auditr Name Mary De Title Chief Nn-Crpreal Officer Cmpany Landline Phne 05 555 9875 Mbile Phne 0405 555 554 Email mary@acme.inf The wrk instructin auditr is respnsible fr cnducting a review f the wrk instructin and its related dcumentatin within the terms f the plicies audit and review requirements. The purpse f this prcess is t ensure that the wrk instructin reflects the rganisatins directinal, legal, technlgical and ther requirements. The wrk instructin s auditr shuld nt carry any ther rles r respnsibilities within this wrk instructin. The wrk instructin s auditr may be a 3 rd party, external, service prvider. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Trainer Name Tny De Title Trainer Cmpany Landline Phne 05 555 9874 Mbile Phne 0405 555 553 Email tny@acme.inf The wrk instructin trainer is respnsible fr ensuring that all staff represented in the Affected Parties sectin f the wrk instructin dcument are adequately trained in the purpse and functin f the wrk instructin, per the Training sectin f the wrk instructin. Enfrcement Officer Name Patch De Title Puppy Dg Cmpany Landline Phne 05 555 9871 Mbile Phne 0405 555 551 Email patch@acme.inf The wrk instructin enfrcement fficer is assigned the respnsibility f making rulings n breaches f the wrk instructin identified by the wrk instructin administratr. They are t act as an independent arbitratr as t the nature and severity f the breach, and t make recmmendatins t the in fault staff member s manager regarding any required disciplinary actins. Training It is a requirement f this wrk instructin that all Affected Parties f this wrk instructin receive training prir t cmmencing that rle and receive refresher training every twelve (12) mnths. It is the respnsibility f the Trainer t ensure that all Affected Parties f this wrk instructin receive training in the cmpliance requirements f this wrk instructin. Training shall be carried ut fr the fllwing grups and individuals accrding t the fllwing requirements: General Staff All staff must receive inductin and refresher training each year. This training must clearly articulate s cmmitment t securing the Assets and systems f the rganisatin and that all staff must cmply with the rganisatin s Infrmatin Security Plicy and assciated Child Plicies. Training must include where t find the plicies fr further reference and hw each wrk instructin is structured such that staff are able t identify when a wrk instructin affects them r an Asset, Asset Grup, System r Prcess they are wrking with. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Cntractrs All cntractrs must be infrmed, prir t their cmmencement, f the need t accept and cmply with the Infrmatin Security Plicy and sub-plicies f the rganisatin. If a cntractr has been engaged t wrk n a particular Asset, Asset Grup, System r Prcess the wner f thse must infrm the cntractr f what is required f them. Suppliers All suppliers wh interact with the Assets, Asset Grups, Systems r Prcesses f must be infrmed, by the wner f thse, f their bligatins t meet the requirements f the assciated plicies. Partners All partners wh interact with the Assets, Asset Grups, Systems r Prcesses f must be infrmed, by the wner f thse, f their bligatins t meet the requirements f the assciated plicies. Custmers r Clients All custmers r clients wh interact with the Assets, Asset Grups, Systems r Prcesses f must be infrmed, by the wner f thse, f their bligatins t meet the requirements f the assciated plicies. Visitrs All visitrs wh interact with the Assets, Asset Grups, Systems r Prcesses f must be infrmed, by the wner f thse, f their bligatins t meet the requirements f the assciated plicies. This includes prviding visitrs t cntrlled envirnments with instructin n what is expected f them as a visitr. Asset, Asset Grup, Systems & Prcess Administratrs and Owners All Asset, Asset Grup, System and Prcess administratrs and wners must be trained in the rganisatin s security wrk instructin requirements fr thse and must accept respnsibility fr ensuring cmpliance f thse with the rganisatin s Security Plicy and assciated Child Plicies. Wrk Instructin Administratr(s) Training shall be prvided upn cmmencement f the rle and every twelve(12) mnths there-after. Training shall ensure that the Wrk Instructin Administratr(s) is(are) capable f ensuring the nging cmpliance with the wrk instructin within the rganisatin and that the wrk instructin remains suitable t the needs f the rganisatin. Wrk Instructin Auditr(s) Training shall be prvided upn cmmencement f the rle and every twelve(12) mnths there-after. Training shall ensure that the Wrk Instructin Auditr(s) is(are) capable f verifying the level f cmpliance with the wrk instructin within the rganisatin. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Wrk Instructin Enfrcement Officer(s) Training shall be prvided upn cmmencement f the rle and every twelve(12) mnths there-after. Training shall ensure the enfrcement fficer is aware f what is required t cmply with the wrk instructin and what is expected f them frm the rganisatin in managing breach situatins, including the apprpriate handling f staff accrding t the wrk instructin breach rules f the rganisatin. Breaches In the event f a breach f this wrk instructin the Wrk Instructin Enfrcement Officer(s) shall investigate the nature and scale f the breach and shall recmmend remediatin and apprpriate disciplinary actins against thse fund t be in breach t the Plicy Administratr and the manager f the Affected Party r Affected System r Service fund t be in breach. Breaches shall be handled accrding t the apprpriate wrk instructin sectin incident handling rules. Audit & Review Cmpliance audits shall be cnducted by the Wrk Instructin Auditr(s) accrding t the fllwing criteria: Perid Methd Purpse Review Audience Every twelve (12) mnths. Reviews shall verify the cmpliance f all Assets, Asset Grups, Systems and Prcesses, and Persnnel with this wrk instructin thrugh cmpliance with its Child Plicies. It is imprtant t t knw that its business security requirements are being maintained t the defined levels. The cmpliance audit reprt shall be prvided t the Wrk Instructin Administratr f this wrk instructin and the executives f the rganisatin. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Change Cntrl Versin Numbering Versins f this wrk instructin shall be labelled with cnsecutive numbers fllwed by either.draft, representing a draft versin f the wrk instructin dcument nt fr frmal acceptance, r.final, representing a versin f the wrk instructin dcument suitable fr frmal adptin by the rganisatin. Change Management All changes t this wrk instructin shall be apprved by the Wrk Instructin Administratr prir t enfrcement within. Requests fr changes t this wrk instructin shall be managed in cmpliance with s Change Cntrl Plicy. Maintenance The wrk instructin shall be reviewed by the Administratr every twelve (12) Mnths t verify its alignment with the rganisatins needs and directin. Definitins The fllwing unique terms are used within this wrk instructin and are defined t mean the fllwing: System(s) is any manipulatr r hlder f infrmatin that invlves the input, transfrmatin, strage, r utput f data. This may r may nt include technlgy. Service(s) is any System that prvides functinality t Users and/r the Organisatin Organisatin is the Cuntry Fire Authrity. Wrk Instructins are nn-wrk Instructin Statements f requirement stipulating the needs f the rganisatin t achieve cmpliance with this plicy and its child plicies. Asset(s) is any persn, physical bject, envirnment r item emplyed, wned r held in trust by the Organisatin. Asset Grup(s) is any cllectin f Assets r Asset Grups. Imprtance Classificatin is an assessment f hw imprtant an Asset, Asset Grup, System r Prcess is t the. The level f imprtance is determined based n the level f impact n the rganisatin as a cnsequence f lss, manipulatin, r unauthrised access, and is determined accrding t the requirements f the Infrmatin Security Wrk Instructin fr Imprtance Classificatin. Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

Impact Classificatin is an assessment f hw significant an event is n any Asset, Asset Grup, System r Prcess. The level f impact is a descriptin f hw much f an affect any event, r grup f events, will have n Assets, Asset Grups, Systems r Prcesses. Partner is any rganisatin r individual with which engages fr any purpse where the ther individual r rganisatin is nt staff, a cntractr, a supplier, r visitr. Where Reasnable is referred t within this plicy, it means what wuld be cnsidered apprpriate by an average persn (laypersn). Affected Party means any persn required t cmply with the requirements f this wrk instructin, as utlined in the sectin titled Scpe Affected Parties. Asset, Asset Grup, System and Prcess Owner means the wner f any Asset, Asset Grup, System r Prcess. Asset, Asset Grup, System and Prcess Administratr means the administratr f any Asset, Asset Grup, System r Prcess. Wrk Instructin Administratr means the individual, r individuals, respnsible fr the administratin f this wrk instructin, as detailed in the sectin titled Delegatins/Authrisatin/Respnsibilities. Wrk Instructin Auditr means the individual, r individuals, respnsible fr the auditing f this wrk instructin, as detailed in the sectin titled Delegatins/Authrisatin/Respnsibilities. Wrk Instructin Enfrcement Officer means the individual, r individuals, respnsible fr the enfrcement f this wrk instructin, as detailed in the sectin titled Delegatins/Authrisatin/Respnsibilities. Change Authrity Bard (CAB) is defined as the bdy f staff r sub-cntractrs charged with cnsidering and apprving all changes t Assets, Asset Grups, Systems and Prcesses. Parent Dcuments This wrk instructin is subrdinate t the fllwing plicies r wrk instructins: Dcument Links Infrmatin Security Wrk Instructin fr Asset Operatin Infrmatin Security Wrk Instructin fr System & Prcess Operatin Child Dcuments The fllwing wrk instructins are sub-rdinate and subject t this wrk instructin: Infrmatin Security Wrk Instructin fr Mnitring Infrmatin Security Wrk Instructin fr Auditing Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

References The fllwing dcuments were used as reference materials in the develpment f this wrk instructin: AS/NZS ISO/IEC 27001:2006 Infrmatin Security Management Change Request The fllwing changes were prpsed and executed t this wrk instructin. Dcument Cntrls Versin #.(Draft Final) Date Authred by Descriptin f Change Wrk Instructin Apprval The fllwing wrk instructin versins were apprved and frmally adpted by Versin #.(Draft Final) Date Apprved by Signature Wrk Instructin Audit The fllwing wrk instructin audits were cmpleted Versin #.(Draft Final) Date Audited by Cmpliance % Signature Cmmercial In Cnfidence 12 Mrtuary Drive, Adelaide 3/05/2011

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback