Walton Centre Document Control

Document History

Date          Version   Author     Changes
01/10/2004    1.0       A Cobain

Table of Contents

Section       Contents
1             Introduction
2             Responsibilities Within This Document
3             Document Definition
4             Procedure
Appendix A    ISMS Change Notification

1. Introduction

Information and information systems are important corporate assets and it is essential to take all the necessary steps to ensure that they are at all times protected, available and accurate to support the operation and continued success of the Trust.

The Trust acknowledges that we must demonstrate to third parties our expertise in security technology and implementing it. To achieve this it is recognised that we must protect our own assets as well as the environment.

The aim of the Trust's Security Policy, Security Standards and Work Instruction Manual is to maintain the confidentiality, integrity and availability of information stored, processed and communicated by and within the Trust. These standards, procedures and policies are used as part of the information security management system (ISMS) within the Trust.

This document sets out the procedures in place to ensure that all documents forming the ISMS are subject to a formal process of issue, amendment and withdrawal. The procedures are designed to ensure that:

- Documents are approved prior to issue by designated individuals;
- Documents are issued to only those authorised to receive them;
- Obsolete documents are withdrawn and a copy of the superseded document is retained within an archive library;
- Responsibilities for document control are assigned;
- Access to electronic media containing the ISMS is controlled.

This procedure applies to all documents which comprise the overall Information Security Management System (ISMS).

2. Responsibilities Within This Document

Particular responsibilities within the standard are defined as:

- Review and Maintenance: Information Security Officer
- Approval of this document: Information Governance & Security Forum
- Approval of changes to the ISMS: Information Governance & Security Forum for all changes with the exception of the Security Policy; Trust Board for changes to the Security Policy
- Local adoption: All managers, staff and contracts within scope

3. Document Definition

The ISMS documents will be distributed under two classifications, controlled and uncontrolled:

CONTROLLED copies will be given a specific control number and will be updated whenever there are amendments to the ISMS. Holders of controlled copies will be listed on the Distribution List held by the Information Security Officer.

- Main BS7799 document library: Insert details
- Informatics Services Department Procedures/Working instructions: Insert details

UNCONTROLLED copies are not numbered and will not be covered by the attached procedures.

Only the document set held by the Information Security Officer and the BS7799 electronic library will be classed as controlled.

Distribution and maintenance of the ISMS is the responsibility of the Information Security Officer.

4. Procedure

4.1 Authorisation

All amendments to the ISMS must be approved by the Information Governance Security Forum and this will be evidenced in the minutes of that group. The only exception to this is the Information Security Management Policy, which must be approved by the Trust Board.

Such authorisation will normally be provided in advance of adoption; however, it is acknowledged that in certain circumstances there may be a need to update or amend documentation as a matter of urgency. In such circumstances, the Director of Finance is empowered to authorise amendments, though these will be presented to the next formal meeting of the Information Governance Security Forum for ratification.

4.2 Notification

Every update (i.e. new insertion or amendment) to the manual will be accompanied by a covering document that:

- Identifies the person who has raised & approved it;
- Provides a full reference for the new document so that it can be placed in its proper position in the manual;
- Provides a description of the change(s) proposed;
- Identifies any documents that are withdrawn;
- Indicates the date that the new documents are to take effect.

This notification will be signed by the Head of IT acting under minuted approval from the Information Governance Security Forum or by the Director of Finance in emergency circumstances.

A template of this covering note is included at Appendix A.

4.2 Version Control

All approved and issued updates to the ISMS will increase the version number of the particular document changed. A central copy of the superseded document will be retained by the Information Security Officer for a period of 12 months. All other copies of the superseded document are to be destroyed.

4.3 Dissemination

All new recruits to the Walton Centre's Informatics Services Department will be directed to the ISMS on the intranet.

APPENDIX A - ISMS AMENDMENT NOTIFICATION

ISMS Change Notification

To: [Click here and type name]
From: [Click here and type name]
CC: [Click here and type name]
Date: February 15, 2007

The attached amendment(s) relate to your controlled copy of the Trust's Information Security Management System. The documents and amendments relate to:

Document Ref    Version    Date    Summary of Changes

These amendments take effect from (insert date)

Please ensure that all superseded copies are removed from your copy of the ISMS and are destroyed.

Authorised by:
Position:
Date:

ACKNOWLEDGEMENT

I have read and understood the above amendments.

Signed:
Date: