Document and Record Control Procedures




Information Security Document

Document and Record Control Procedures

Version History

| Version | Date | Detail | Author |
|---------|------------|--------|--------|
| 1.0 | 30/08/2013 | Approved by Information Governance Group | Jo White |
| 2.0 | 27/09/2013 | Changes detailing version control and requirements for EDRM printing. | Jo White |
| 3.0 | 13/10/2014 | Reviewed by Information Governance Group | Jo White |
| 4.0 | 16/11/2015 | Reviewed by Information Governance Group. | Jo White |

This document has been prepared using the following ISO27001:2013 standard controls as reference:

| ISO Control | Description |
|-------------|-------------|
| A.8.2 | Information classification |
| A.7.2.2 | Information security awareness, education and training |
| A.18.1.1 | Identification of applicable legislation and contractual requirements |
| A.18.1.3 | Protection of records |
| A.18.1.4 | Privacy and protection of personally identifiable information |

1 Introduction

Derbyshire County Council recognises that documents and records must be securely maintained, accurate and available. Maintaining a consistent approach to the management of documents and records will help to ensure the availability and accuracy of the Council's information and data.

2 Purpose

The purpose of this procedure is to describe the Council's methodology for document and records control across all Council departments. Documents and records are likely to be revised, redrafted and amended over time and a consistent approach for recording this activity is required.

3 Procedure

DOCUMENT CONTROL

It is important that documents and records control is applied systematically and consistently across the Council. It is accepted that many departments already have established methods of control; however, there must be a common approach applied throughout:

1. The creation of all new documents (and records where appropriate) must include a version history which contains the following, is clearly identified using the title "Version History" and is placed at the beginning of each document/record:

   - Version: an incremental numbering scheme should be used, with the number being incremented when a change has been made, e.g. 1.0, 2.0. Series increments such as 1.1, 1.2 etc. are typically used for minor changes. Major changes typically involve a full number increment, e.g. from 1.0 to 2.0 etc. Departments using existing version numbering systems should continue to incorporate this into the version control methodology outlined in this procedure.
   - Date: the date by which any newly created documents, changes, reviews or approvals have been made.
   - Detail: a short explanation as to the reason for the version change/activity.
   - Author: the name of the person with author ownership of the version change.

   Example version control table

   Version History

   | Version | Date | Detail | Author |
   |---------|------------|--------|--------|
   | 1.0 | 12/05/2013 | Approved by the IGG | John Smith |

2. All changes to documents must go through an appropriate approval process (wherever one has been agreed).
3. All documents must be labelled and classified appropriately in accordance with the Council's Information Classification & Handling Policy.
4. All documents must have an electronic version; where hardcopies exist, they must be the same version as the electronic one, whichever is the most up-to-date.

5. Departmental Management Teams will notify relevant managers, staff and suppliers when a new version has been published and ask that all previous versions are destroyed.
6. All documents must have electronic versions which are made available on the Council network and which can be backed up in line with the Council's Information Backup and Restore Policy.
7. Documents must be maintained and stored in line with relevant retention policies, legal regulations and/or statutory requirements.
8. Where there is no longer a requirement to retain documents, appropriate document disposal and removal procedures must be carried out in accordance with the Council's:
   - Data Protection and Storage Media Handling Procedures
   - Record Disposal Procedures
9. All documents of significant security incidents must be kept as part of the Council's ISMS.
10. All Information Security Management System (ISMS) documents will be reviewed annually and approved by the Council's Information Governance Group (IGG). The Information Security Manager will initiate documents to be reviewed throughout the annual cycle. Each member of the IGG will review the documents. The Information Security Manager will collate the responses and present the final version to the IGG for approval.
11. All documents must be approved for adequacy prior to issue, and relevant versions of documents must be available at points of use.

N.B. Departments may develop a localised Document and Record Control procedure which outlines and describes the methods by which version control has been applied in their department, particularly where a rationale exists which is specific to the department or is determined by unique working practices; however, any local procedures must be in accordance with these procedures.

RECORD CONTROL

1. All records should have appropriate versioning controls applied which include:
   - The version number (numbering/version schemes may be specific to departments)
   - Date of creation/amendments
   - Verification signature/s where appropriate
2. All records must be classified in accordance with the Information Classification & Handling Policy.
3. All changes to records must go through an appropriate approval process (wherever one has been agreed).
4. All records must have electronic versions which are made available on the Council network and which can be backed up in line with the Council's Information Backup and Restore Policy.
5. Records must be maintained and stored in line with relevant retention policies, legal regulations and/or statutory requirements.
6. Where there is no longer a requirement to retain records, appropriate document disposal and removal procedures must be carried out in accordance with the Council's:
   - Data Protection and Storage Media Handling Procedures
   - Record Disposal Procedures
7. All records of security incidents must be kept as part of the Council's ISMS.

8. All information security records should be reviewed and controlled by the Council's Information Governance Group (IGG).

The Council is continuing to roll out the Electronic Document Records Management system (EDRM) and is gradually moving all documents (including records) into the system. The EDRM system is not yet capable of applying or printing the required version control and/or document classification information and so version controls and classifications must continue to be manually applied to all documents and records wherever they are stored or maintained, in accordance with this procedure and the Council's Information Classification & Handling Policy.

This document forms part of the Council's ISMS Policy and as such, must be fully complied with.