Spillemyndigheden s change management programme. Version of 1 July 2012

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Spillemyndigheden s change management programme. Version 1.3.0 of 1 July 2012"

Transcription

1 Version of 1 July 2012

2 Contents 1 Introduction Authority Objective Target audience Version Enquiries Framework for managing system changes Responsibility in relation to handling changes The licence holder s responsibility Responsibility for managing system changes Schedule for implementing changes Planning of changes Identification of configuration System structure and choice of configuration items Identification of components (assets) Information about configuration items Geographical location of components Classification of components Configuration baseline Managing system changes Reasons for system changes Evaluation of system changes Approval of system changes Rejection of changes recommended by suppliers of business functionality Approved changes, recommended by suppliers of business functionality Rejected changes recommended by suppliers of gaming functionality Approved changes recommended by suppliers of gaming functionality Implementation of a new Random Number Generator (RNG) and changes to an existing RNG Implementation of new games Changes in existing offering of games Implementation and verification of system changes Changes to the components classified as Changes to the components classified as Presentation of a status of system changes Reporting Change and configuration audit Version of 1 July 2012 Page 2 of 12

3 1 Introduction 1.1 Authority This document Spillemyndigheden s Change Management Programme has been issued by Spillemyndigheden (the Danish Gambling Authority) under the Gambling Act (Act No. 848 of 1 July 2010 as later amended) and the executive orders on online casinos, online betting and land-based betting. It is part of the overall certification programme, which consists of the documents Spillemyndigheden s requirements for accredited testing organisations, Spillemyndigheden s change management programme and Spillemyndigheden s technical standards. 1.2 Objective The document specifies the minimum requirements which licence holders shall satisfy when carrying out changes to their gambling system. 1.3 Target audience The document is intended for licence holders, suppliers, accreditation bodies and testing organisations. 1.4 Version This document is Version of 1 July Spillemyndigheden will revise the certification programme on an on-going basis, making the latest version and the version history accessible at Spillemyndigheden s website: If the certification programme is modified, as a rule certifications already issued will remain in force. It is important to emphasise that only the Danish version is legally binding and that the English version holds the status of guidance only. 1.5 Enquiries All enquiries concerning this document should be sent in writing to Spillemyndigheden at the following address: or Spillemyndigheden Helgeshøj Allé 9 DK-2630 Taastrup Version of 1 July 2012 Page 3 of 12

4 2. Framework for managing system changes The licence holder shall plan its internal procedures for managing changes in a way which ensures that the particular changes and their effect on the overall system can be identified at all times. Part of the internal procedure shall ensure that the licence holder will have a manager who is responsible for managing system changes, see section This manager shall also take charge of preparing a formal change planning document, describing all the specific procedures and ensuring that the various measures are coordinated. The is structured in a way that allows routine changes etc. to be carried through in an expedient and controlled manner, while having minimal impact on the licence holder s business procedures. The licence holder shall ensure certification according to Spillemyndigheden s change management programme, and it shall be completed before the commencement of the licence holder s offering of betting and online casino services. The change management of the licence holder shall be certified at all times. The licence holder shall ensure that the change management of the licence holder is subject to on-going certification of the adherence to Spillemyndigheden s with an interval of no more than 12 months. 2.1 Responsibility in relation to handling changes The licence holder s responsibility The licence holder is responsible for changes in its betting and online casino systems irrespective of whether such changes have been carried through by the licence holder or a third party on behalf of the licence holder. A licence holder, who offers betting and/or online casino gambling shall clarify and describe responsibilities and authorities in connection with the completion and approval of the change process. If the system changes are managed by one of the licence holder s suppliers, the licence holder shall ensure that the supplier carries through corresponding procedures and complies with the requirements of this document Responsibility for managing system changes The licence holder shall appoint one or more among its staff to take overall responsibility for system changes. This may be organised as a committee. The responsible manager(s) shall possess sufficient experience and competence in relation to change management and hold a key position in the company in relation to change management. The responsible manager(s) need not necessarily handle the system changes personally, as changes and their relevance will vary extensively in relation to the particular change. It shall be handled in cooperation with other members of staff at the company or its suppliers in order to ensure qualified decisions in all areas. The company shall keep a log of the persons who have been involved in the decision process. Prior to approval of changes the responsible manager(s) shall confirm that: Version of 1 July 2012 Page 4 of 12

5 The proposed system changes are consistent with Spillemyndigheden s technical standards, The proposed system changes are necessary, The consequences will be acceptable, The proposed system changes have been carefully considered, documented and categorised and The planned action to implement the system changes in documents, hardware and/or software is satisfactory. 3. Schedule for implementing changes 3.1 Planning of changes The formal change plan shall contain a description showing that the system changes Will be incorporated in and aligned with the supplier s change plans, Shall be documented and approved by the management, Shall have been controlled by the responsible manager, Shall show the configuration to be used, Shall refer to the licence holder s and the supplier s relevant procedures whenever possible and Shall establish who is responsible for changes throughout the system and the components life cycles and with what powers. 3.2 Identification of configuration The configuration described below is a minimum requirement. The purpose is to allow identification of all the different parts of the system configuration so that the implications of system changes for every part will be assessed in the context of the purpose of this document. 3.3 System structure and choice of configuration items The choice of configuration items and the links between them should describe the system structure. Configuration items should be chosen based on considerations of whether their functional and physical properties can be handled separately. The selection criteria should comprise: Regulatory requirements, Critical aspects in relation to security risk (risk in relation to confidentiality, integrity and availability) and accountability, New or changed technology, design or development and Interface to other configuration items. The number of the chosen configuration items should optimise the possibility of controlling the product. The selection of configuration items should be started at the earliest possible stage of the product s life cycle. Configuration items should be assessed on an ongoing basis during development of the product. Any configuration item that may have implications for confidentiality, integrity or accountability should be assessed on the basis of the criteria listed above. Version of 1 July 2012 Page 5 of 12

6 3.4 Identification of components (assets) The licence holder shall cooperate with its suppliers to map out all hardware and software components that are used in the operation of betting and online casino services. Components that may have impact on security (integrity, confidentiality and availability) and/or are responsible for payment or gambling systems shall be recorded in a register of components. The level of detail of the records in this register is to be decided by the licence holder and its suppliers. If a licence holder chooses to keep a general register (in which the gambling system is the only component, for example) all changes to the gambling system will be classified as a change to a significant configuration item and thereby subject to appropriate control. If the level of detail in the register is higher, however (software RNG class, for example), it will be possible to handle changes to less important configuration items by less intervening measures. The items shall have a unique code, version number and identification characteristic, ensuring that an independent auditor will be able to inspect/check some or all components at any given time and determine whether they have deviated from the starting point. The items shall be recorded in the register of components. The owner of each component should be identifiable from the register. The owner shall be the one, who is responsible for component changes. If such an owner cannot be identified it shall be the manager(s) responsible for the component, see section The register of components along with the log of changes shall constitute the foundation which identifies the gambling system. 3.5 Information about configuration items The information about configuration items shall include both a definition of the item and information about the operation of the product which will provide unique identification of an item, thus allowing an auditor to assess whether it is in conformity with the plan (checksum of source code, object code and executable code, for example). Information about configuration items of significant relevance, see section 3.7, shall be included or referred to in the register of components. Information about the configuration should be relevant and traceable. The numbering shall be unique and ensure adequate control of the configuration item in question. 3.6 Geographical location of components The geographical location of all servers and hardware components shall be recorded in the register of components. 3.7 Classification of components All items identified in the register of components shall be classified using the following matrix: Confidentiality refers to confidential information about customers. Integrity refers to the integrity of the systems functionality and the information the systems include. Version of 1 July 2012 Page 6 of 12

7 Availability refers to the availability of the information concerning customer entitlements. Accountability refers to the activity of all users (customers, staff, third parties) on all components in the system. All components shall be given a relevance code on a scale from 1 to 3 based on the relevance of the configuration items relative to creating or protecting all properties of the system (confidentiality, integrity, availability or accountability). The relevance codes are: 1 = no relevance (cannot have any negative impact on the system s properties), 2 = some relevance (may have impact on the system s properties) and 3 = significant relevance (system properties are specifically related to the configuration item). When the components are to be classified it may be relevant to assess the material difference between betting and online casino and the variety of risks they involve (including customer entitlement and fairness). 3.8 Configuration baseline The configuration baseline contains information about the configuration providing a definition of the product, which has been approved by an accredited testing organisation. The configuration baseline along with approved changes to it will form the basis of the new configuration baseline. The configuration baseline shall be approved every twelve months by an accredited testing organisation. 4. Managing system changes The extent of a proposed change to the system will affect the degree of control necessary to handle the system change. The measures taken to manage system changes shall be documented and the documentation shall include the following items: A description of, the reasons for and a registration of the changes, A categorisation of the changes in respect of complexity, resources and planning, An evaluation of the consequences of the changes, Details indicating how the changes are to be approved and Details indicating how the changes will be implemented and tested. 4.1 Reasons for system changes Prior to the internal approval of system changes by the responsible manager (s), all proposed changes shall be identified and documented. Proposed system changes should typically include the following information: Version of 1 July 2012 Page 7 of 12

8 The configuration item(s) and related information to be changed, including details on their designation and current status of revision, A description of the proposed change, Details concerning other configuration items or information that may be affected by the changes, The employee or supplier who has prepared the proposal and the date of its preparation, The reason for the change and The type of change. The status of the change process, related decisions and measures shall be documented. A typical method to be applied in documenting changes is using a form with a unique identification number in order to assist the identification and traceability of the form. The condition for implementing changes recommended by suppliers of business functions should be that the changes are reasonable and justified. 4.2 Evaluation of system changes Proposed system changes shall be evaluated and the evaluation shall be documented. This evaluation shall be conducted in accordance with the purpose of the Gambling Act and the associated executive orders, based on ISO/IEC Risk management - Risk assessment techniques, and shall contain: Technical benefits to be gained from the proposed changes, Risks involved in the changes, Implications for compliance with current legislation, Confidentiality of customer data, Integrity of functionality and data, Availability of customer data and funds and Accountability when users interact with the system. Even though changes recommended by suppliers of business functions will generally be considered to be reasonable and justified, the licence holder should still evaluate such changes taking into account the criteria listed above. 4.3 Approval of system changes A procedure shall be established for the formal approval of system changes. Once a proposed change has been evaluated the manager(s) responsible shall review the evaluation and decide whether the change should be approved or not. Even if changes recommended by suppliers of business functions will generally be considered to be reasonable and justified, the licence holders should still formally approve or reject such changes. All decisions as well as the underlying considerations concerned with system changes should be recorded in a log. Notice of decisions should be circulated to the relevant stakeholders inside and outside the organisation, including the relevant accredited testing organisation. The accredited testing organisation shall analyse the basis on which all decisions that deviate from the suppliers recommendations have been made. All decisions shall be handled separately. The accredited testing organisation shall certify whether the licence holder s decision is justified. Version of 1 July 2012 Page 8 of 12

9 4.3.1 Rejection of changes recommended by suppliers of business functionality When the licence holder decides not to follow a supplier s recommendation, reasons for the decision shall be recorded. The reasons for not following the supplier s recommendations shall be given to Spillemyndigheden through the accredited testing organisation once every three months. The accredited testing organisation shall analyse the basis of each decision not to follow the supplier s recommendations separately. The accredited testing organisation shall show if the licence holder s decision is justified Approved changes, recommended by suppliers of business functionality When a licence holder decides that it will be expedient to follow the recommendations given by a supplier, the change shall be implemented in a way that prevents the components described in the register of components, see section 3.4, from being exposed to any unnecessary risks. The time between supplier(s) recommendation(s) and implementation shall be justified in a log. Evidence of the implementation of supplier s recommendation shall be maintained in the same log. The log shall subsequently be transferred to the accredited testing organisation and Spillemyndigheden on an annual basis Rejected changes recommended by suppliers of gaming functionality In case the licence holder decides that it is not expedient to follow the recommendations issued by a supplier of gaming functionality, the licence holder shall give the reasons for the decision. The documented reasons shall include an assessment for the components described in the register of components, see section 3.4, of the potential risks. The reason for rejecting the supplier s recommendations shall be given Spillemyndigheden through the accredited testing organisation every three months. The accredited testing organisation shall analyse the basis of each decision to reject the supplier s recommendations separately. The accredited testing organisation shall show whether the licence holder s decision is justified Approved changes recommended by suppliers of gaming functionality When a licence holder decides that it is expedient to follow the recommendations from a supplier this shall be done in such a way that the components described in the register of components, see section 3.4, will not be exposed to any unnecessary risks. The time between supplier(s) recommendation(s) and implementation shall be justified in a log. Evidence of the implementation of supplier s recommendation shall be maintained in the same log. The log shall subsequently be transferred to the accredited testing organisation and Spillemyndigheden on an annual basis Implementation of a new Random Number Generator (RNG) and changes to an existing RNG The implementation of a new RNG and changes to an existing RNG shall be notified with Spillemyndigheden five working days before the implementation is carried out. Version of 1 July 2012 Page 9 of 12

10 4.3.6 Implementation of new games The offering of new games, which utilises a subset of Spillemyndigheden s existing standard records not previously utilised by the licence holder, shall be notified with Spillemyndigheden five working days before the offering commences. The offering of new games, which cannot utilise a subset of Spillemyndigheden s existing standard records, shall be notified with Spillemyndigheden three weeks before the offering commences and shall not commence without prior dialogue with Spillemyndigheden. Guidance: The implementation of new games, which does not affect how the licence holder utilises Spillemyndigheden s standard records, can commence without prior notification with Spillemyndigheden Changes in existing offering of games Changes to the existing offering of games, which would affect the utilisation of Spillemyndigheden s existing standard records by the licence holder, shall be notified with Spillemyndigheden five working days before the offering is changed. Changes to the existing offering of games, which would affect the utilisation of Spillemyndigheden s existing standard records to an extent where an existing subset can no longer be used by the licence holder, shall be notified with Spillemyndigheden three weeks before the offering is changed and shall not commence without prior dialogue with Spillemyndigheden. Guidance: Changes to the existing offering of games, which does not affect how the licence holder utilises Spillemyndigheden s standard records, can commence without prior notification with Spillemyndigheden. 4.4 Implementation and verification of system changes This section applies to changes of components (assets) classified as 2 and 3 as described in section 3.7. After implementation the conformity with the approved changes shall be verified. This verification shall be registered so that it will be traceable. Completed changes shall be reported to the relevant accredited testing organisation (please note that for low risk changes this may be done by keeping a routine log of changes) Changes to the components classified as 3 The relevant accredited testing organisation shall assess and approve the licence holder s evaluation of the system change as made out pursuant to section 4.2 in all changes to the components of the gambling system classified as 3 ( of significant relevance ) pursuant to section 3.7 and certify all changes no later than in direct continuation of the implementation, whenever changes are made. Where a licence holder has an internal function dedicated to undertaking quality assurance of change management and this function is manned with appropriately skilled staff as well as being separated from the function implementing system changes, the relevant accredited testing organisation can allow changes to occur without certification, whenever changes are made. The accredited testing organisation shall assess, approve and certify these changes every three months and the certification shall clearly state whether this method has been used. The option of a certification interval of three months when dealing with changes to components classified as 3 is only available to licence holders. The option is not available to suppliers and vendors without a licence to offer online casino and/or betting in Denmark. Version of 1 July 2012 Page 10 of 12

11 4.4.2 Changes to the components classified as 2 The relevant accredited testing organisation shall assess and approve the licence holder s evaluation of the system change as made out pursuant to section 4.2 in all changes to gambling functionality when it involves the components of the gambling system classified as 2 ( of some relevance ) pursuant to section 3.7 and certify them every three months. The relevant accredited testing organisation shall assess and approve the licence holder s evaluation of the system change as made out pursuant to section 4.2 in all changes to business functionality when it involves the components of the gambling system classified as 2 ( of some relevance ) pursuant to section 3.7 and certify them every twelve months. Guidance to the accredited testing organisation: The analysis of the risk involved in changes should be carried through based on an appropriate sampling method and it shall take account of the assessed relevance of and risk involved in the change. Thereby a complete audit of all changes will not be necessary. All certifications prepared by accredited testing organisations shall be forwarded to Spillemyndigheden. 4.5 Presentation of a status of system changes The presentation of the status of system changes relates to the gambling system and configuration information. The licence holder shall ensure that the configuration status is registered on an ongoing basis and that it shows the status of the gambling system configuration. The log recording the configuration status should include: Information about system setup (such as identification number, title, dates of coming into force, audit status, change history and its commencement relative to the configuration baseline), The configuration of systems and components (such as part number, product design or version status), The status of the issue of new product configuration information, A risk analysis and decisions concerned with making the decision as to whether the changes will be approved or not, Implementation and Certification (see Spillemyndigheden s requirements for accredited testing organisations ). The information on the configuration and the system s evolution shall be recorded in a way that specifies cross-referencing and the connections necessary to submit the required reporting, see section 4.6. The report on the status in respect of changes shall ensure that a detailed audit can follow the audit trail through the changes and illustrate where the changes were made and who was responsible for implementing the changes in the set-up (including but not limited to source code). The level of detail in the reporting of changes should be proportionate to the 1-3 classification, see section Reporting A variety of types of reporting is necessary in order to handle changes as well as the configuration. These reports may cover particular configuration items or the entire system. Typical reports will contain: Version of 1 July 2012 Page 11 of 12

12 a list of information about the configuration of a product which is part of a specific configuration baseline a list of configuration items and their configuration baseline details about the current status in respect of audits and change history status reports on changes and deviations and details of the status of supplied and maintained system components, including serial numbers or the like and revision status. 4.7 Change and configuration audit An audit of changes and configuration shall be carried through every twelve months by an accredited testing organisation. The purpose of the annual audit of changes and configuration is to confirm that the Change Management Programme has been complied with in the course of the year and that the log will show the status of the system and changes correctly. Version of 1 July 2012 Page 12 of 12

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Change Management Programme SCP.06.00.EN.2.0 Table of contents Table of contents... 2 1 Introduction... 4 1.1 Spillemyndigheden s certification programme... 4 1.2 Objectives of the change management programme... 4 1.3 Scope of this

More information

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Change Management Programme SCP.06.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the change management programme... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 4 2.1 Certification frequency...

More information

Spillemyndigheden s Certification Programme. General requirements SCP.00.00.EN.1.1

Spillemyndigheden s Certification Programme. General requirements SCP.00.00.EN.1.1 SCP.00.00.EN.1.1 Table of contents Table of contents... 2 1.1 Spillemyndigheden s certification programme... 3 1.2 Definitions... 3 1.3 Legal basis for the certification programme... 4 1.4 Version... 4

More information

Spillemyndigheden s Certification Programme Testing Standards for Online Casino

Spillemyndigheden s Certification Programme Testing Standards for Online Casino SCP.01.03.EN.1.0 Table of contents Table of contents... 2 1 Introduction... 3 1.1 Spillemyndigheden s certification programme... 3 1.2 Objectives of the testing standards... 3 1.3 Scope of this document...

More information

Spillemyndigheden s Certification Programme Instructions on Penetration Testing

Spillemyndigheden s Certification Programme Instructions on Penetration Testing SCP.04.00.EN.1.0 Table of contents Table of contents... 2 1 Introduction... 3 1.1 Spillemyndigheden s certification programme... 3 1.2 Objectives of the... 3 1.3 Scope of this document... 4 1.4 Definitions...

More information

Spillemyndigheden s Certification Programme Information Security Management System

Spillemyndigheden s Certification Programme Information Security Management System SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Introduction... 3 1.1 Spillemyndigheden s certification programme... 3 1.2 Objectives of the... 3 1.3 Scope of this document... 4 1.4 Definitions...

More information

Spillemyndigheden s Certification Programme Instructions on Penetration Testing

Spillemyndigheden s Certification Programme Instructions on Penetration Testing SCP.04.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 4 2.1 Certification frequency... 4 2.1.1 Initial certification...

More information

Spillemyndigheden s Certification Programme Information Security Management System

Spillemyndigheden s Certification Programme Information Security Management System SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency... 3 2.1.1 Initial certification...

More information

Spillemyndigheden s Certification Programme Instructions on Vulnerability Scanning

Spillemyndigheden s Certification Programme Instructions on Vulnerability Scanning SCP.05.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency... 3 2.1.1 Initial certification...

More information

Spillemyndigheden s Certification Programme. Testing Standards for Online Betting SCP.01.01.EN.1.0

Spillemyndigheden s Certification Programme. Testing Standards for Online Betting SCP.01.01.EN.1.0 SCP.01.01.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the testing standards... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency...

More information

REGIONAL CENTRE EUROPE OF THE INTERNATIONAL FEDERATION OF TRANSLATORS

REGIONAL CENTRE EUROPE OF THE INTERNATIONAL FEDERATION OF TRANSLATORS Recommendations on Criteria for Conformity Assessment and Certification under EN 15038 (The numbering of the sections below follows the numbering in the Standard) Note: In the light of practical experience

More information

Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences

Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences July 2015 1 Introduction 1.1 This July 2015 advice is updated from the previously

More information

Administrative systems, policies, and procedures

Administrative systems, policies, and procedures Alan Pedley 2008-01-15 03:28:00 G005_ADMINISTRATIVE_SYSTEMS Administrative systems, policies, and procedures Guidelines G 005 Page 1 of 12 Alan Pedley 1. Preliminary 1.1 Authority This document is issued

More information

General Rules for the Certification of Management Systems Code: RG

General Rules for the Certification of Management Systems Code: RG General Rules for the Certification of Management Systems Code: RG Drafted on: 1 April 2012 Effective from: 1 October 2012 TABLE OF CONTENTS CHAPTER TITLE PAGE CHAPTER 1 GENERAL 3 CHAPTER 2 REFERENCE STANDARD

More information

Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system

Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system Published in the Official State Gazette (BOE) number 270 of November

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version) Smart Meters Programme Schedule 2.5 (Security Management Plan) (CSP South version) Schedule 2.5 (Security Management Plan) (CSP South version) Amendment History Version Date Author Status v.1 Signature

More information

QSS 0: Products and Services without Bespoke Contracts.

QSS 0: Products and Services without Bespoke Contracts. QSS 0: Products and Services without Bespoke Contracts. Amendment History Version Date Status v.1 Dec 2014 Updated For 2015 deployment Table of Contents 1. DEFINITIONS 3 2. INTRODUCTION 3 3. WORKING WITH

More information

Unofficial translation of the Danish guidelines to the application form 2-06

Unofficial translation of the Danish guidelines to the application form 2-06 Unofficial translation of the Danish guidelines to the application form 2-06 Guidelines to form 2-06 application for renewal of a licence to provide betting and / or online casino Instruction Applications

More information

Musina Local Municipality. Change Management and Control Policy -Draft-

Musina Local Municipality. Change Management and Control Policy -Draft- Musina Local Municipality Change Management and Control Policy -Draft- Revision History Version Date Status Author V1.0 June 2013 First Draft Perry Eccleston Page 2 of 12 Table of Contents Revision History...

More information

TRANSITION PLANNING GUIDANCE for ISO/FDIS 9001:2000

TRANSITION PLANNING GUIDANCE for ISO/FDIS 9001:2000 CONTENTS 1.0 INTRODUCTION 2.0 EXPLANATION OF TRANSITION PERIOD 2.1 Pre-publication period Phase One 2.2 Co-existence period Phase Two 2.2.1 Duration of Phase 2 2.2.2 ISO/TC 176 IAF ISO/CASCO 2.3 Definitions

More information

Outsourcing Publication Date: September 2013 OUTSOURCING. 1. Legislation Guidance Exercising due skill, care and diligence...

Outsourcing Publication Date: September 2013 OUTSOURCING. 1. Legislation Guidance Exercising due skill, care and diligence... OUTSOURCING Contents 1. Legislation... 2 2. Guidance... 7 2.1 Exercising due skill, care and diligence... 7 2.2 Outsourcing agreement... 7 2.3 Outsourcing policy... 8 2.4 Business continuity plan... 9

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

F Organisation s SANAS No/s. 4. General requirements 4.1 Impartiality and independence Are Inspection activities undertaken impartially?

F Organisation s SANAS No/s. 4. General requirements 4.1 Impartiality and independence Are Inspection activities undertaken impartially? Checklist for Accreditation of Diagnostic X-Ray Imaging System Inspection Bodies to SANS/ISO/IEC 17020: 2012 incorporating TR 78: Technical Requirements for the Application of ISO/IEC 17020 Organisation

More information

College of Education Computer Network Security Policy

College of Education Computer Network Security Policy Introduction The College of Education Network Security Policy provides the operational detail required for the successful implementation of a safe and efficient computer network environment for the College

More information

Executive Order No. 67 of 25. January 2012 on online casinos 1

Executive Order No. 67 of 25. January 2012 on online casinos 1 Executive Order No. 67 of 25. January 2012 on online casinos 1 The following is hereby laid down pursuant to Sections 36(2), 41(1) and 60 of Act No. 848 of 1 July 2010 on gambling, and Sections 17(2),

More information

Land based betting Annex 1. Technical requirements of the control system

Land based betting Annex 1. Technical requirements of the control system Land based betting Annex 1. Technical requirements of the control system A Introduction This document describes the technical requirements that must be met by a licence holder, including securing the data-basis

More information

Change & configuration management

Change & configuration management 2008-01-18 12:42:00 G007_CHANGE_AND_CONFIGURATION_MANAGEMENT Change & configuration management Guidelines Page 1 of 11 1. Preliminary 1.1 Authority This document is issued by the (the Commission) pursuant

More information

Allerdale Borough Council Internal Audit Charter

Allerdale Borough Council Internal Audit Charter Allerdale Borough Council Internal Audit Charter Appendix A Document prepared by Document reviewed by Document replaces Document approved by Document due for annual review Internal Audit Manager Date July

More information

3 Terms and definitions 3.5 client organization whose management system is being audited for certification purposes

3 Terms and definitions 3.5 client organization whose management system is being audited for certification purposes 3 Terms and definitions 3.4 third-party certification audit audit carried out by an auditing organization independent of the client and the user, for the purpose of certifying the client's management system

More information

MAIN CIVIL WORKS CONTRACT SCHEDULE 8 QUALITY MANAGEMENT TABLE OF CONTENTS

MAIN CIVIL WORKS CONTRACT SCHEDULE 8 QUALITY MANAGEMENT TABLE OF CONTENTS MAIN CIVIL WORKS CONTRACT SCHEDULE 8 QUALITY MANAGEMENT TABLE OF CONTENTS 1 INTERPRETATION... 1 1.1 Definitions... 1 2 QUALITY MANAGEMENT SYSTEM... 2 2.1 Quality Management System... 2 2.2 Contractor Responsibilities...

More information

ISO 9001 : 2000 Quality Management Systems Requirements

ISO 9001 : 2000 Quality Management Systems Requirements A guide to the contents of ISO 9001 : 2000 Quality Management Systems Requirements BSIA Form No. 137 February 2001 This document is the copyright of the BSIA and is not to be reproduced without the written

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: pcn@bindt.org CP14 ISSUE 5 DATED 1 st OCTOBER

More information

Security Control Standard

Security Control Standard Security Standard The security and risk management baseline for the lottery sector worldwide Updated by the WLA Security and Risk Management Committee V1.0, November 2006 The WLA Security Standard is the

More information

ISO 14001:2004 Self Assessment Checklist

ISO 14001:2004 Self Assessment Checklist ISO 14001:2004 Self Assessment Checklist E008, Issue 2, February 2006 This document restates the requirements of ISO 14001:2004 for Environmental Management Systems (EMS) and has been developed to assist

More information

SAFETY and HEALTH MANAGEMENT STANDARDS

SAFETY and HEALTH MANAGEMENT STANDARDS SAFETY and HEALTH STANDARDS The Verve Energy Occupational Safety and Health Management Standards have been designed to: Meet the Recognised Industry Practices & Standards and AS/NZS 4801 Table of Contents

More information

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES UOW SAFE@WORK WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES HRD-WHS-GUI-213.8 WHS Auditing Guidelines 2016 September Page 1 of 17 Contents 1 Purpose... 1 2 Scope... 1 3 Definitions... 1 4 Responsibilities...

More information

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce Maturity Model March 2006 Version 1.0 P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value Added product which is outside the scope of the HMSO

More information

Camar Aircraft Products Co. QUALITY MANUAL Revision D

Camar Aircraft Products Co. QUALITY MANUAL Revision D QUALITY MANUAL Revision D Gujll'y Manual Introduction The purpose of this manual is to describe the Quality Assurance Program implemented by Camar Aircraft Products Co. (hereafter referred to as C.A.P.C.)

More information

COMMISSION REGULATION (EU)

COMMISSION REGULATION (EU) L 122/22 Official Journal of the European Union 11.5.2011 COMMISSION REGULATION (EU) No 445/2011 of 10 May 2011 on a system of certification of entities in charge of maintenance for freight wagons and

More information

ITIL A guide to service asset and configuration management

ITIL A guide to service asset and configuration management ITIL A guide to service asset and configuration management The goal of service asset and configuration management The goals of configuration management are to: Support many of the ITIL processes by providing

More information

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Date(s) of Evaluation: CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Assessor(s) & Observer(s): Organization: Area/Field

More information

Schweppes Australia Head Office Level 5, 111 Cecil Street South Melbourne Victoria 3205. www.schweppesaustralia.com.au

Schweppes Australia Head Office Level 5, 111 Cecil Street South Melbourne Victoria 3205. www.schweppesaustralia.com.au Schweppes Australia Head Office Level 5, 111 Cecil Street South Melbourne Victoria 3205 www.schweppesaustralia.com.au Quality Management Systems 1. Quality Management Systems develop, implement, verify

More information

ISO 9001:2015 and AS/NZS ISO 9001:2016 Checklist

ISO 9001:2015 and AS/NZS ISO 9001:2016 Checklist Company: ISO 9001:2015 and AS/NZS ISO 9001:2016 Checklist Address: Client No: Check list completed by Date completed What you need to do: Please consider all questions in sections 4 to 10 and provide references

More information

OPERATING PROCEDURE IT CHANGE MANAGEMENT PROCEDURES MANUAL. PREPARED BY: AEMO DOCUMENT NO: Enter Document ID VERSION NO: 6.

OPERATING PROCEDURE IT CHANGE MANAGEMENT PROCEDURES MANUAL. PREPARED BY: AEMO DOCUMENT NO: Enter Document ID VERSION NO: 6. OPERATING PROCEDURE IT CHANGE MANAGEMENT PROCEDURES MANUAL PREPARED BY: AEMO DOCUMENT NO: Enter Document ID VERSION NO: 6.6 STATUS FINAL Approvals The undersigned have approved the release of Version 6.7

More information

ISO 20000-1:2005 Requirements Summary

ISO 20000-1:2005 Requirements Summary Contents 3. Requirements for a Management System... 3 3.1 Management Responsibility... 3 3.2 Documentation Requirements... 3 3.3 Competence, Awareness, and Training... 4 4. Planning and Implementing Service

More information

ISO 9001:2015 Quality Management Systems - The 2008-to-2015 Gap Analysis Checklist

ISO 9001:2015 Quality Management Systems - The 2008-to-2015 Gap Analysis Checklist 1. PURPOSE The purpose of this document is to detail the gaps between the superseded standard ISO 9001: 2008 and the current standard ISO 9001: 2015, to assist existing and potential clients assess their

More information

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES WHS UNIT WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES Contents 1 Purpose... 1 2 Scope... 1 3 Definitions... 1 4 Responsibilities... 1 4.1 WHS Unit... 1 4.2 Auditor(s)... 1 4.3 Managers of Faculties

More information

Configuration Management Guide

Configuration Management Guide Guide Important Warning This document is one of a set of standards developed solely and specifically for use on Transport Assets (as defined in the Asset Standards Authority Charter). It is not suitable

More information

General Rules for the certification of Management Systems

General Rules for the certification of Management Systems General Rules for the certification of Management Systems Effective from 19/11/2015 RINA Via Corsica 12 16128 Genova - Italy tel. +39 010 53851 fax +39 010 5351000 website : www.rina.org Technical rules

More information

Description of the QM system certification procedure EN ISO and /or MD-Directives

Description of the QM system certification procedure EN ISO and /or MD-Directives The certification of a management system based on the standard EN ISO 13485, as well as the conformity assessment procedure for management systems according to EC directives for medical devices, consists

More information

JOHN HART GENERATING STATION REPLACEMENT PROJECT. Schedule 9. Quality Management

JOHN HART GENERATING STATION REPLACEMENT PROJECT. Schedule 9. Quality Management JOHN HART GENERATING STATION REPLACEMENT PROJECT Schedule 9 Quality Management SCHEDULE 9 QUALITY MANAGEMENT TABLE OF CONTENTS 1. QUALITY MANAGEMENT SYSTEM... 1 1.1 Quality Management System...1 1.2 Project

More information

ISO 14001:2004. Environmental Management Systems (EMS) Self-Assessment Checklist. Revision 1 (January 2014)

ISO 14001:2004. Environmental Management Systems (EMS) Self-Assessment Checklist. Revision 1 (January 2014) ISO 14001:2004 Environmental Management Systems (EMS) Self-Assessment Checklist This document restates the requirements of ISO 14001:2004 for Environmental Management Systems (EMS) and has been developed

More information

INFORMATION SECURITY MANAGEMENT OF A NUCLEAR FACILITY

INFORMATION SECURITY MANAGEMENT OF A NUCLEAR FACILITY INFORMATION SECURITY MANAGEMENT OF A NUCLEAR FACILITY 1 Introduction 3 2 Scope of application 3 3 Information security management 3 3.1 General requirements 3 3.2 Information security management system

More information

Overview of the AIBI-CS Certification Scheme FSSC and Specific Service Requirements

Overview of the AIBI-CS Certification Scheme FSSC and Specific Service Requirements Any Update to this Document is Posted at: http://cb.aibonline.org/fssc22000/fsschome.html Introduction This document provides a guide for applicants and suppliers about how AIB International Certification

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY

More information

a) To achieve an effective Quality Assurance System complying with International Standard ISO9001 (Quality Systems).

a) To achieve an effective Quality Assurance System complying with International Standard ISO9001 (Quality Systems). FAT MEDIA QUALITY ASSURANCE STATEMENT NOTE 1: This is a CONTROLLED Document as are all quality system files on this server. Any documents appearing in paper form are not controlled and should be checked

More information

Service Support. 2005 Kasse Initiatives, LLC. ITIL Configuration Management - 1. version 2.0

Service Support. 2005 Kasse Initiatives, LLC. ITIL Configuration Management - 1. version 2.0 Service Support Configuration Management ITIL Configuration Management - 1 Goals of Configuration Management The goals of Configuration Management are to: Account for all the IT assets and configurations

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

ISO QMS Standards and Requirements

ISO QMS Standards and Requirements ISO 9001-2001 QMS Standards and Requirements ISO Sections ISO Standards Requirements 4 Quality management system 4.1 General requirements The organization shall establish, document implement and maintain

More information

Internet copy

Internet copy Personal Data Processing Terms - Toll Service Provider Annex 0.5 to Toll Service Provider Agreement This copy of the document was published on and is for information purposes only. It may change without

More information

TRANSPORT FOR LONDON (TfL) LOW EMISSIONS CERTIFICATE (LEC) GUIDANCE NOTES FOR THE COMPANY AUDIT PROCESS. LEC (Company Audit) Guidance Notes

TRANSPORT FOR LONDON (TfL) LOW EMISSIONS CERTIFICATE (LEC) GUIDANCE NOTES FOR THE COMPANY AUDIT PROCESS. LEC (Company Audit) Guidance Notes TRANSPORT FOR LONDON (TfL) LOW EMISSIONS CERTIFICATE (LEC) GUIDANCE NOTES FOR THE COMPANY AUDIT PROCESS LEC (Company Audit) Guidance Notes Glossary of Terms Transport for London (TfL) London Low Emission

More information

Contact address: Global Food Safety Initiative Foundation c/o The Consumer Goods Forum 22/24 rue du Gouverneur Général Eboué 92130 Issy-les-Moulineaux

Contact address: Global Food Safety Initiative Foundation c/o The Consumer Goods Forum 22/24 rue du Gouverneur Général Eboué 92130 Issy-les-Moulineaux Version 6.3 Contact address: Global Food Safety Initiative Foundation c/o The Consumer Goods Forum 22/24 rue du Gouverneur Général Eboué 92130 Issy-les-Moulineaux France Secretariat email: gfsinfo@theconsumergoodsforum.com

More information

NABL NATIONAL ACCREDITATION

NABL NATIONAL ACCREDITATION NABL 160 NABL NATIONAL ACCREDITATION BOARD FOR TESTING AND CALIBRATION LABORATORIES GUIDE for PREPARING A QUALITY MANUAL ISSUE NO. : 05 AMENDMENT NO : 00 ISSUE DATE: 27.06.2012 AMENDMENT DATE: -- Amendment

More information

SAUDI ARABIAN STANDARDS ORGANIZATION (SASO)

SAUDI ARABIAN STANDARDS ORGANIZATION (SASO) SAUDI ARABIAN STANDARDS ORGANIZATION (SASO) TECHNICAL DIRECTIVE PART THREE: CONFORMITY ASSESSMENT PROCEDURES D13-19-7-2005 PART THREE: CONFORMITY ASSESSMENT PROCEDURES Introduction: By developing and applying

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

NSF Certification UK SERVICE PROTOCOL For Certification against ISO 22000 and FSSC 22000

NSF Certification UK SERVICE PROTOCOL For Certification against ISO 22000 and FSSC 22000 NSF Certification UK SERVICE PROTOCOL For Certification against ISO 22000 and FSSC 22000 The purpose of this protocol is to provide existing and prospective customers with information on the way in which

More information

ISO/IEC 17025 QUALITY MANUAL

ISO/IEC 17025 QUALITY MANUAL 1800 NW 169 th Pl, Beaverton, OR 97006 Revision F Date: 9/18/06 PAGE 1 OF 18 TABLE OF CONTENTS Quality Manual Section Applicable ISO/IEC 17025:2005 clause(s) Page Quality Policy 4.2.2 3 Introduction 4

More information

ENVIRONMENTAL MANAGEMENT SYSTEM ISO-14001:2004 POLICY MANUAL

ENVIRONMENTAL MANAGEMENT SYSTEM ISO-14001:2004 POLICY MANUAL ENVIRONMENTAL MANAGEMENT SYSTEM ISO-14001:2004 POLICY MANUAL WATERFORD CARPETS LIMITED CONTROLLED COPY R EVISION DATE: 11/10/12 PAGE 1 OF 17 Noel CUNNINGHAM TABLE OF CONTENTS Section X1 Section 1.0 Section

More information

ITIL v3 Service transition glossary

ITIL v3 Service transition glossary ITIL v3 Service transition glossary Term Assembly Assessment Asset management Asset register Attribute Audit Authority matrix Back out Best practice British Standards Institution (BSI) Build Build environment

More information

GAP-ANALYSIS CROSS REFERENCE BETWEEN ISO/IEC 17020:2012 AND ISO/IEC 17020:1998

GAP-ANALYSIS CROSS REFERENCE BETWEEN ISO/IEC 17020:2012 AND ISO/IEC 17020:1998 GAP-ANALYSIS CROSS REFERENCE BETWEEN ISO/IEC 17020:2012 AND ISO/IEC 17020:1998 The principle standard used by International Accreditation Service (IAS) for the accreditation of Inspection Bodies is ISO/IEC

More information

Testing strategy for compliance with remote gambling and software technical standards. First published August 2009

Testing strategy for compliance with remote gambling and software technical standards. First published August 2009 Testing strategy for compliance with remote gambling and software technical standards First published August 2009 Updated July 2015 1 Introduction 1.1 Sections 89 and 97 of the Gambling Act 2005 enable

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

December 21, 2012. The services being procured through the proposed amendment are Hosting Services, and Application Development and Support for CITSS.

December 21, 2012. The services being procured through the proposed amendment are Hosting Services, and Application Development and Support for CITSS. Justification for a Contract Amendment to Contract 2012-01: Interim Hosting and Jurisdiction Functionality for the Compliance Instrument Tracking System Service (CITSS) December 21, 2012 Introduction WCI,

More information

Specific Requirements Certification scheme for Food Safety Systems in compliance with FSSC 22000

Specific Requirements Certification scheme for Food Safety Systems in compliance with FSSC 22000 Specific Requirements Certification scheme for Food Safety Systems in compliance with FSSC 22000 Organisation s SANAS No/s. Name of Certification Body Name of person observed Role in the audit: Type of

More information

COMPANY NAME. Environmental Management System Manual

COMPANY NAME. Environmental Management System Manual Revision No. : 1 Date : DD MM YYYY Prepared by : Approved by : (EMR) (Top Management) Revision History Revision Date Description Sections Affected Revised By Approved By Table of Content 0.0 Terms and

More information

Smart DCC Ltd Information Security Policy. Version: 3.0

Smart DCC Ltd Information Security Policy. Version: 3.0 Version: 3.0 Date: 14 July 2015 Classification: DCC Public 1 Introduction 1.1 This (ISP) defines the (Smart DCC) approach to information security. An effective ISP provides a sound basis for defining and

More information

UCD Information Technology Services Acceptable Use Policy

UCD Information Technology Services Acceptable Use Policy UCD Information Technology Services Acceptable Use Policy To safeguard individuals and to ensure the integrity and reliability of information services, UCD has a number of Use Policies. These are designed

More information

Superseded by T MU AM 04001 PL v2.0

Superseded by T MU AM 04001 PL v2.0 Plan T MU AM 04001 PL TfNSW Configuration Management Plan Important Warning This document is one of a set of standards developed solely and specifically for use on the rail network owned or managed by

More information

DRAFT. Internal Audit Report. Computer Recycling

DRAFT. Internal Audit Report. Computer Recycling DRAFT Internal Audit Report Computer Recycling Document Details: Reference: 2.7/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement Manager: ext. 6572 Auditor: ext. 6244 Date: 4 th

More information

QUALITY MANUAL QM0492 ISO/TS16949 SUPPLEMENT I

QUALITY MANUAL QM0492 ISO/TS16949 SUPPLEMENT I QUALITY MANUAL QM0492 ISO/TS16949 SUPPLEMENT I REV B Foreword This document defines the quality management system requirements to be applied when processing automotive parts under the automotive standard

More information

Quality management systems Guidelines for configuration management

Quality management systems Guidelines for configuration management BRITISH STANDARD Quality management systems Guidelines for configuration management ICS 03.120.10 BS ISO 10007:2003 BS ISO 10007:2003 This British Standard was published under the authority of the Standards

More information

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY Originator IT Change Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director

More information

NSW Data & Information Custodianship Policy. June 2013 v1.0

NSW Data & Information Custodianship Policy. June 2013 v1.0 NSW Data & Information Custodianship Policy June 2013 v1.0 CONTENTS 1. PURPOSE... 4 2. INTRODUCTION... 4 2.1 Information Management Framework... 4 2.2 Data and information custodianship... 4 2.3 Terms...

More information

BLOOM AND WAKE (ELECTRICAL CONTRACTORS) LIMITED QUALITY ASSURANCE MANUAL

BLOOM AND WAKE (ELECTRICAL CONTRACTORS) LIMITED QUALITY ASSURANCE MANUAL 130 Wisbech Road Outwell Wisbech Cambridgeshire PE14 8PF Tel: (01945) 772578 Fax: (01945) 773135 Copyright 2003. This Manual and the information contained herein are the property Bloom & Wake (Electrical

More information

DNV GL Assessment Checklist ISO 9001:2015

DNV GL Assessment Checklist ISO 9001:2015 DNV GL Assessment Checklist ISO 9001:2015 Rev 0 - December 2015 4 Context of the Organization No. Question Proc. Ref. Comments 4.1 Understanding the Organization and its context 1 Has the organization

More information

Network Certification Body

Network Certification Body Network Certification Body Scheme rules for assessment of railway projects to requirements of the Railways Interoperability Regulations as a Notified and Designated Body 1 NCB_MS_56 Contents 1 Normative

More information

Rail Network Configuration Management

Rail Network Configuration Management Division / Business Unit: Function: Document Type: Enterprise Services Engineering Procedure Rail Network Configuration Management Applicability ARTC Network Wide SMS Publication Requirement Internal /

More information

SMKI Recovery Procedure

SMKI Recovery Procedure SMKI Recovery Procedure Consultation open: 1 July 2015 Consultation closes: 29 July 2015 DCC Public Page 1 of 55 Contents 1 Introduction... 3 1.1 Purpose & Interpretation...3 1.2 Scope...3 2 Overview of

More information

SQF Program Vocabulary

SQF Program Vocabulary SQF Program Vocabulary 2nd Edition AMENDED JUNE 2009 Safe Quality Food Institute 2345 Crystal Drive, Suite 800 Arlington, VA 22202 USA 202-220-0635 www.sqfi.com SQF Institute is a division of the Food

More information

Spillemyndigheden s Certification Programme Inspection Standards for Online Casino

Spillemyndigheden s Certification Programme Inspection Standards for Online Casino SCP.02.03.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the inspection standards... 4 1.1 Scope of this document... 4 1.2 Version... 4 2 Certification... 5 2.1 Certification frequency...

More information

Smart Meters Programme Schedule 2.4. (Continuous Improvement) (CSP North version)

Smart Meters Programme Schedule 2.4. (Continuous Improvement) (CSP North version) Smart Meters Programme Schedule 2.4 (Continuous Improvement) (CSP North version) Schedule 2.4 (Continuous Improvement) (CSP North version) Amendment History Version Date Status v.1 Signature Date Execution

More information

ISO 9001:2008 Quality Management System Requirements (Third Revision)

ISO 9001:2008 Quality Management System Requirements (Third Revision) ISO 9001:2008 Quality Management System Requirements (Third Revision) Contents Page 1 Scope 1 1.1 General. 1 1.2 Application.. 1 2 Normative references.. 1 3 Terms and definitions. 1 4 Quality management

More information

Office for Nuclear Regulation

Office for Nuclear Regulation ONR GUIDE LC17 Management Systems Document Type: ONR Nuclear Safety Technical Inspection Guide Unique Document ID and Revision No: NS-INSP-GD-017 Revision 2 Date Issued: November 2012 Review Date: November

More information

P-01 Certification Procedure for QMS, EMS, EnMS & OHSAS. Procedure. Application, Audit and Certification

P-01 Certification Procedure for QMS, EMS, EnMS & OHSAS. Procedure. Application, Audit and Certification Procedure Application, Audit and Certification Document No. P-01 Version 9.00 Date of Issue Nov 02, 2015 Reviewed & Approved by Name Designation Signature Date Kaushal Goyal Managing Director Nov 02, 2015

More information

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015)

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015) IAF Informative Document Transition Planning Guidance for ISO 9001:2015 Issue 1 (IAF ID 9:2015) Issue 1 Transition Planning Guidance for ISO 9001:2015 Page 2 of 10 The (IAF) facilitates trade and supports

More information