Document Hierarchy of Information Security. Corporate Security Policy. Information Security Standard. General Directive(s) Specific Directive(s)
|
|
|
- Gabriella Berry
- 9 years ago
- Views:
Transcription
1 Document Hierarchy of Information Security General commitment to Information Security Installation of CorpSec Enabling CSO Installing Information Security Standard Corporate Security Policy Defining Assets, Objectives & Controls For Information Security Information Security Standard General Directive(s) Detailed Implementation Technique, Processes, Procedures, etc Specific Directive(s)
2 ISMS Structure Overview ISMS = Information Security Management System. It consists of 3 types of documents, structured in 3 tiers. Tier 1: Information Security Policy, general statement about information security, enabling security organisation, requires information security standard. Tier 2: Information Security Standard, defining objectives and controls for information security, giving guidance for implementation. Consists of 15 chapters, one for each main realm of information security. Tier 3: Information Security Directives, giving more detailed implementation guidance for certain areas.
3 Information Security Policy High level document Only abstract goals for information security Defines security organisation and it s duties Defines the corner pillars Orders a security standard document based on ISO Defines security as a innate part of bwin s business
4 Information Security Standard Based on ISO Adapted to the special needs of bwin 15 chapters Introduction Scope Terms and definitions Structure of this standard Risk assessment and treatment Security policy Organisation of information security Asset management Human resources security Physical and environmental security Communications and operations management Access control Information systems acquisition, development and maintenance Information security incident management Business continuity management Compliance Defining objectives and controls for information security based on international regulations and best practices Leaving the decision i to management not to implement and take the risk
5 Security Directives Information Classification & Handling Defines templates and procedures for classification if information in the 3 dimensions, confidentiality, integrity and availability Risk Management Defines how Risk management has to be done at bwin Directive on Worldwide Security Organization Internal organisation of CorpSec Asset Management Defining assets, responsibility for assets, documentation, HR Directive Describing what HR has to consider when hiring personal and external resources Physical & Environmental Directive Directive to handle premises of bwin, physical security, entry control, doors, windows, Access Control Directive Security directive for IT operations, defining operations management, logging, administration rules, System Acquisition / Development & Maintenance Directive Security rules for architecture, software development and procurement of systems and software Security Incident Management Directive How to log and report security events Business Continuity Directive Rules to define and run required availability in IT and to handle critical services on failure Audit Directive How to deal with internal and external auditors, provide correct data and evidence Users Directiveto Information Security Rules for the users of bwin s IT infrastructure Privacy Protection Directive
6 Principles for Security Directives Derived from Information Security Standard or a more abstract Directive Dedicated the a special task, region or audience Only needed if Standard is not adequate or specific enough Examples: General HR Security Directive HR Security Directive for Austria/Sveden/ General Security Directive for Data Centres Security Directive for Data Centre A Security Directive for Data Centres in USA Security Directive for Webserver Security Directive for IIS/Apache/
7 ToDos 1. CEOs sign and publish Corporate Security Policy 2. Workshops with Business Responsibles about their chapters (C-lvl, Head- Ofs) (Oliver Eckel) 3. Release of accorded Information Security Standard by CSO 4. Workshop with Business Experts about detailed Directives (MK+CG) 5. Gap Analysis 6. Budget and time estimation 7. Implementation considering priority
8 Thank You
Security Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
Information Security Management Systems
Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector
Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
Governance and Management of Information Security
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
Preparation for ISO 45001 OH&S Management Systems
Preparation for ISO 45001 OH&S Management Systems HEALTH & SAFETY MANAGEMENT QUALITY MANAGEMENT ACCESSIBILITY ENVIRONMENTAL MANAGEMENT ENERGY MANAGEMENT ISO 45001 TIMELINE ISO project committee ISO PC
Our Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
Log management and ISO 27001
Log management and ISO 27001 Rakesh Maheshwari STQC Directorate Department of Information Technology Ministry of Communications & IT [email protected] Log management Log management is the process of generating,
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project
Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Introduction This Advice provides an overview of the steps agencies need to take
Understanding Management Systems Concepts
Understanding Management Systems Concepts Boğaç ÖZGEN Lead Auditor 1 管 理 计 划 初 始 化 做 实 施 检 查 控 制 过 程 行 动 改 善 活 动 系 统 监 视 2 Management (PLAN) Planning and Organizing (DO) Implementing and realization of
Integrated Management System Software
Integrated Management System Software QSA Integrated Management System Software QSA is a software solution which you can manage all management system requirements in a single platform. By using QSA, you
Managing e-health data: Security management. Marc Nyssen Medical Informatics VUB Master in Health Telematics KIST E-mail: [email protected].
Managing e-health data: Security management Marc Nyssen Medical Informatics VUB Master in Health Telematics KIST E-mail: [email protected] Structure of the presentation Data management: need for a clear
ISO 27000 Information Security Management Systems Professional
ISO 27000 Information Security Management Systems Professional Professional Certifications Sample Questions Sample Questions 1. A single framework of business continuity plans should be maintained to ensure
ISO 9001 Quality Management System Lead Auditor Training (IRCA)
ISO 9001 Quality Management System Lead Auditor Training (IRCA) Course Description BSI s Quality Management Systems (QMS) Auditor/Lead Auditor Training Course (ISO 9001) course teaches the principles and
Roles & Grades Rate Cards and Applicable SFIA Skills
Roles & s Rate Cards and Applicable Consultant Day Rate Card Consultant Day Rate Lead 900.00 Senior 800.00 Junior 0.00 CLAS Consultant and Competencies Lead CLAS Consultant Lead CLAS Consultant IT Governance
Cisco Cloud Assessments. Justin Tang
Cisco Cloud Assessments Justin Tang Cisco Landscape Evolution of Cloud Assessments Performing Cloud Assessments Challenges 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Definition:
Guideline for Roles & Responsibilities in Information Asset Management
ISO 27001 Implementer s Forum Guideline for Roles & Responsibilities in Information Asset Management Document ID ISMS/GL/ 003 Classification Internal Use Only Version Number Initial Owner Issue Date 07-08-2009
DEVELOPING A CYBERSECURITY POLICY ARCHITECTURE
TECHNICAL PROPOSAL DEVELOPING A CYBERSECURITY POLICY ARCHITECTURE A White Paper Sandy Bacik, CISSP, CISM, ISSMP, CGEIT July 2011 7/8/2011 II355868IRK ii Study of the Integration Cost of Wind and Solar
Enabling Information PREVIEW VERSION
Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a
ISO 27001:2005 & ISO 9001:2008
ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the
ISMS Implementation Guide
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation
EXPLORING THE CAVERN OF DATA GOVERNANCE
EXPLORING THE CAVERN OF DATA GOVERNANCE AUGUST 2013 Darren Dadley Business Intelligence, Program Director Planning and Information Office SIBI Overview SIBI Program Methodology 2 Definitions: & Governance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
ISO 17025. Laboratory Quality Management. ISO 17025 Course Descriptions. [email protected] www.qsiamerica.com
ISO 17025 Laboratory Quality Management ISO 17025 Course Descriptions - Fundamentals Course Pg.2 - Documentation & Implementation Course Pg.3 - Auditor Course Pg.4 - Lead Auditor Course Pg.5 - Other Standards
Business Continuity & Crisis Management
Group Standard Business Continuity & Crisis Management The need to plan and respond effectively is critical to the successful management of any crisis situation. Business Continuity Management is the holistic
Records and Document Management
Records and Document Management Policy P3 Current: Updated November 2011 Table of Contents Purpose... 3 Scope... 3 Definitions... 3 Policy statement... 4 Responsibility... 4 Legislative context... 5 Associated
Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security
Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015 Contents 1 Non-Disclosure Statement...
Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy
Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management
AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES
AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by
ISO 27002:2013 Version Change Summary
Information Shield www.informationshield.com 888.641.0500 [email protected] Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category
Compliance, Audits and Fire Drills: In the Way of Real Security?
Compliance, Audits and Fire Drills: In the Way of Real Security? Mark Estberg and John Howie Microsoft Corporation Session ID: SP01-203 Session Classification: Intermediate Introduction Microsoft s Global
Business Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
NSW Government Digital Information Security Policy
NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core
Information Security Policy Best Practice Document
Information Security Policy Best Practice Document Produced by UNINETT led working group on security (No UFS126) Authors: Kenneth Høstland, Per Arne Enstad, Øyvind Eilertsen, Gunnar Bøe October 2010 Original
Request for Proposals on Security Audit Services
Request for Proposals on Security Audit Services Version 1.0 Date: 16 December 2011 Hong Kong Internet Registration Corporation Limited Unit 2002-2005, 20/F ING Tower, 308 Des Voeux Road Central, Sheung
The Next Generation of Security Leaders
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
ISO 27001 Information Security Management Services (Lot 4)
ISO 27001 Information Security Management Services (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. EXPERIENCE...
An Overview of ISO/IEC 27000 family of Information Security Management System Standards
What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information
Agile Information Security Management in Software R&D
Agile Information Security Management in Software R&D Rational and WebSphere User Group Finland Seminar 29.01.2008 Reijo Savola Network and Information Security Research Coordinator VTT Technical Research
Risk Management Solution for NPO
Risk Management Solution for NPO Achieving Mission with Best in Governance Disclaimer While utmost care has been taken to ensure content accuracy at the time of writing, no person should rely on the contents
ISO 14001:2004 EMS Internal Audit Guidance
ISO 14001:2004 EMS Internal Audit Guidance Contents Introduction... 3 About the Internal Audit Solution... 3 Forms & Records... 3 Audit Procedure... 3 Document Reference Numbering... 4 Navigating the Documents...
Security Standards. 17.1 BS7799 and ISO17799
17 Security Standards Over the past 10 years security standards have come a long way from the original Rainbow Book series that was created by the US Department of Defense and used to define an information
ISO 9001:2008 Internal Audit Guidance
ISO 9001:2008 Internal Audit Guidance Contents Introduction... 3 About the Internal Audit Solution... 3 Forms & Records... 3 Internal Audit Procedure... 3 Document Reference Numbering... 4 Navigating the
Revised October 2013
Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience
Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza
Information Security Management System (ISMS) Overview Arhnel Klyde S. Terroza May 12, 2015 1 Arhnel Klyde S. Terroza CPA, CISA, CISM, CRISC, ISO 27001 Provisional Auditor Internal Auditor at Clarien Bank
Road map for ISO 27001 implementation
ROAD MAP 1 (5) ISO 27001 adopts the "Plan-Do-Check-Act" (PDCA) model, which is applied to structure all ISMS processes: PDCA Plan (establish the ISMS) Do (implement and operate the ISMS) Descriprion Establish
GFMAM Competency Specification for an ISO 55001 Asset Management System Auditor/Assessor First Edition, Version 2
GFMAM Competency Specification for an ISO 55001 Asset Management System Auditor/Assessor First Edition, Version 2 English Version PDF format only ISBN 978-0-9871799-5-1 Published April 2014 www.gfmam.org
BUILD YOUR CYBERSECURITY SKILLS WITH NRB
BUILD YOUR CYBERSECURITY SKILLS WITH NRB BECOME A PECB CERTIFIED ISO 27001 AUDITOR OR INSTRUCTOR NRB established a partnership with the Professional Evaluation and Certification Board (PECB) to enrich
Security Control Standard
Security Standard The security and risk management baseline for the lottery sector worldwide Updated by the WLA Security and Risk Management Committee V1.0, November 2006 The WLA Security Standard is the
MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE
MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE IT SYSTEMS COMPLIANCE AND QUALITY ASSURANCE SPECIALIST
Protective security governance guidelines
Protective security governance guidelines Security of outsourced services and functions Approved 13 September 2011 Version 1.0 Commonwealth of Australia 2011 All material presented in this publication
CISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps
CIO, CISO and Practitioner Guidance IT Security Governance
CIO, CISO and Practitioner Guidance IT Security Governance June 2006 (Revision 1, August 2007) 1 CIO, CISO and Practitioner Guidance Whatever your business, security and privacy are key matters that affect
State of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer
Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related
Security Officer s Checklist in a Sourcing Deal
Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.
SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE
SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE PREAMBLE The purpose of the IT Governance Committee is to ensure that IT is effectively governed at SABPP in accordance with the King III Code of Governance
INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE
INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE Multi-Tiered Cloud Security Standard for Singapore (MTCS SS) Implementation Guideline Report For cross certification from MTCS SS to ISO/IEC December 2014 Revision
Business Continuity Planning - A Look at Texas A&M University s Approach to Continuity Planning
1 Business Continuity Planning - A Look at Texas A&M University s Approach to Continuity Planning Monica Weintraub Emergency Management Coordinator Office of Safety & Security Texas A&M University Objectives
Information Security Awareness Training
Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information
Information security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
IT Risk Management Era: Research Challenges and Best Practices. Eyal Adar, Founder & CEO [email protected] Chairman of the EU SRMI
IT Risk Management Era: Research Challenges and Best Practices IARA Work Group July 1 st, 2007, Santa Clara - California Eyal Adar, Founder & CEO [email protected] Chairman of the EU SRMI (Security
An Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
Information Integrity & Data Management
Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: ([email protected]), 2: ([email protected]) ABSTRACT
Information Security Incident Management Policy September 2013
Information Security Incident Management Policy September 2013 Approving authority: University Executive Consultation via: Secretary's Board REALISM Project Board Approval date: September 2013 Effective
Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers
Queensland Government Human Services Quality Framework Quality Pathway Kit for Service Providers July 2015 Introduction The Human Services Quality Framework (HSQF) The Human Services Quality Framework
Hans Bos Microsoft Nederland. [email protected]
Hans Bos Microsoft Nederland Email: Twitter: [email protected] @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
Reputation. Further excellence. business continuity. risk management. Data security
Reputation competitive advantage speed to market safety Further excellence trust Data security risk management business continuity HOW CAN YOU CREATE AND SECURE SUSTAINABLE BUSINESS? SOLUTIONS FOR MANAGING
Training Catalogue 2015-16
Training Catalogue 2015-16 Table of Content Page Company Profile Training Overview.. Training Catalogue... GRC Fundamentals, Strategy & Implementation Workshop Anti Bribery Management System Implementation
Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
INFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia [email protected] [email protected]
Promoting a Cybersecurity Culture: Tunisian Experience ITU Regional Cybersecurity Forum for Eastern and Southern Africa Lusaka, Zambia, 25-28 August 2008 Helmi Rais CERT-TCC Team Manager National Agency
PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1
PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman
Information Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
INFORMATION SYSTEMS. Revised: August 2013
Revised: August 2013 INFORMATION SYSTEMS In November 2011, The University of North Carolina Information Technology Security Council [ITSC] recommended the adoption of ISO/IEC 27002 Information technology
TÜ V Rheinland Industrie Service
TÜ V Rheinland Industrie Service Business Area: Automation / Functional Safety Contact Minsung Lee +82-2-860-9969 mailto : [email protected] Sales Account Manager for Functional Safety Fax +82-2-860-9862
IT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
Cloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant [email protected] May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
Public Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report
Public Records (Scotland) Act 2011 Healthcare Improvement Scotland and Scottish Health Council Assessment Report The Keeper of the Records of Scotland 30 October 2015 Contents 1. Public Records (Scotland)
Supplier Assurance Framework Good Practice Guide
Supplier Assurance Framework Good Practice Guide Version 2.0 February 2015 1 P a g e V e r s i o n 2. 0 F e b 1 5 Contents INTRODUCTION... 3 SUPPLIER ASSURANCE FRAMEWORK OVERVIEW... 4 USING THE STATEMENT