DOCUMENT CONTROL PROCEDURE

KING SAUD UNIVERSITY
DEANSHIP OF E-TRANSACTIONS & COMMUNICATION

VERSION 1.1
INTERNAL USE ONLY
PREPARED BY: ALTAMASH SAYED
REVIEWED BY: NASSER A. AMMAR
APPROVED BY: DR. MOHAMMED A ALNUEM

REVISION HISTORY

Sr. No. | Date of Revision | Ver. | Validity | Description of change | Reviewed By | Approved By
1 | 18/03/12 | 1.0 | One Year | Initialization | Nasser A. Ammar | Dr. Mohammed A Alnuem
2 | 02/03/13 | 1.1 | One Year | Department Ownership Changed | Mr. Toqeer Ahmad | Mr. Mohammed A. Alsarkhi
3 | 05/03/13 | 1.1 | One Year | No Change | Mr. Toqeer Ahmad | Mr. Mohammed A. Alsarkhi

DISTRIBUTION LIST

Sr. No | Version Number | Name | Designation | Department

ISMS/4-8/4.3.2_4.3.3/DCP/PRO/ V1.1 Page 2 of 10 Internal Use Only
TABLE OF CONTENTS

1. PURPOSE
2. SCOPE
3. RELATED POLICIES AND PROCEDURES
4. PROCEDURE ENFORCEMENT / COMPLIANCE
5. DOCUMENT OWNER
6. ROLES & RESPONSIBILITY
7. INVOCATION
8. PROCESS FLOWCHART
9. PROCEDURE DETAILS
10. OUTPUTS
11. RECORDS
12. REFERENCES
13. ANNEXURE
    13.1 ISMS DOCUMENT AND RECORDS CHANGE REQUEST FORM
    13.2 ISMS DOCUMENT CHANGE REQUEST LOG FILE
1. PURPOSE

The purpose of this procedure is to enforce a consistent way to maintain, evaluate and update the ISMS documentation and respective records, and to ensure that changes to this documentation are performed in a controlled and systematic manner.

2. SCOPE

This procedure applies to the King Saud University (KSU) e-Transactions & Communication (ETC) Deanship and all parties, its affiliated partners or subsidiaries, including data processing and process control systems, that are in possession of or using information and/or facilities owned by the KSU-ETC Deanship.

This procedure applies to all staff/users that are directly or indirectly employed by the KSU-ETC Deanship, its subsidiaries or any entity conducting work on behalf of KSU that involves the use of information assets owned by the ETC Deanship.

3. RELATED POLICIES AND PROCEDURES

ISMS Management Policy.

4. PROCEDURE ENFORCEMENT / COMPLIANCE

Compliance with this procedure is mandatory, and ETC Deanship managers shall ensure continuous compliance monitoring within their departments. Compliance with the statements of this procedure is subject to periodic review by the Risk & Information Security Department, and any violation of the procedure will result in corrective action by the ISMS Steering Committee. Disciplinary action will depend on the severity of the violation, which will be determined by the investigations. Actions such as termination or others as deemed appropriate by ETC Management and the Human Resources Department will be taken.

5. DOCUMENT OWNER

ISMS Manager
6. ROLES & RESPONSIBILITY

Each role involved in this procedure shall have the following main responsibilities:

1. ISMS Manager
   - Develops, maintains and updates this procedure.
   - Approves / rejects the modification requests.
   - Implements the approved modification.
   - Informs the requestor about the outcome of his request.
   - Updates the ISMS Modifications Log File.
   - Reports annually to the ISMS Steering Committee the changes to the ISMS documentation that have taken place (if any).

2. ISMS Steering Committee
   - Approves / rejects the change request when it concerns changes to policies and procedures.

3. Information Security Officer
   - Fills in the ISMS Document Change Note and forwards it to the ISMS.

7. INVOCATION

This procedure shall be followed whenever there is:

- Update/Modification of ISMS Documentation
  To ensure the modification of procedures and controls is adequate to respond to internal/external changes that may impact security, including:
  - Business requirement.
  - Security requirement.
  - Regulatory/legal requirement.
  - Acceptable level of risks/criteria.
8. PROCESS FLOWCHART

[Flowchart. Input: identified need for document change. Related procedure: Document and Records Control Procedure. Step 1: ISMS Document Change Request (Information Security Officer), using the ISMS Document Change Request Form. Step 2: Review Request (ISMS Manager), followed by a decision. Step 3: Approval (ISMS Steering Committee), followed by a decision. Step 4: Implementation. Step 5: Inform Requestor. Record: ISMS Documentation Change Log. The legend defines the symbols for start/end, reference to another procedure, input or output information, log/record, activity step, decision, document/form, and flow connectors.]
9. PROCEDURE DETAILS

This section reflects the broad activities/steps to be carried out in the procedure.

STEP 1: ISMS DOCUMENT CHANGE REQUEST
Responsibility: Information Security Officer
Input: Identified need for document change
Actions: Fills in and forwards the Document Change Request Form to the ISMS Manager. The type of the requested change must be clearly stated in the form (security policies, security procedures, organizational structure).
Output: Document Change Request Form

STEP 2: REVIEW REQUEST
Responsibility: ISMS Manager
Input: Document Change Request Form
Actions: Reviews the completed form. If the requested change involves major changes in the security policies, the security principles or the organizational structure, he forwards the form to the ISMS Steering Committee for evaluation.
Output: None.

STEP 3: APPROVAL
Responsibility: ISMS Steering Committee
Input: Document Change Request Form
Actions: The committee evaluates the request:
- If the ISMS Steering Committee approves the change, go to step 4.
- If the ISMS Steering Committee rejects the change, the ISMS Manager informs the requestor of the rejection.
Output: Change approval / rejection
STEP 4: IMPLEMENTATION
Responsibility: ISMS Manager
Input: Document Change Request Form
Actions: Implements the document change.
Output: Document change issue of new version

STEP 5: INFORM REQUESTER
Responsibility: ISMS Manager
Input: Decision on change request.
Actions: Informs the requestor about the outcome of his request. Updates the ISMS Documentation Change Log File.
Output: ISMS Documentation Change Log; Requestor update

10. OUTPUTS

The following activity will be an output of the process:

- ISMS Document Change

11. RECORDS

The following is the list of all applicable records that are the evidence of implementation of the process. The records are maintained in hard and soft copy.

- ISMS Document and Records Change Request Form.
- ISMS Document Change Request Log File.

12. REFERENCES

The following are the useful references which can be used to carry out the defined process based on ISO 27001 standards:

- 4.3.2
- 4.3.3
13. ANNEXURE

13.1 ISMS DOCUMENT AND RECORDS CHANGE REQUEST FORM

Form fields:
- Date
- Requested by
- Document Title
- Proposed Changes
- Documents Influenced by Change
- Approved by Requestor's Manager
- Approval by ISMS Manager (if no approval, please provide clarification)
- Approval by ISMS Management Steering Committee when required (if no approval, please provide clarification)
- Change Implementation by
- Implementation Date
- Verification by ISMS Manager / Date
13.2 ISMS DOCUMENT CHANGE REQUEST LOG FILE

ISMS DOCUMENTATION CHANGE LOG FILE

Request No. | Requestor's Name | Request Date | Approved by | Approval Date | Change Description | Affected Documents | Implementation Date | Notes