Supply Chain. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0
|
|
- Godfrey Francis
- 6 years ago
- Views:
Transcription
1 Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.
2 Contents 1 Purpose 3 2 Scope 3 3 Applicability 3 4 Guidance 3 Terminology 3 Policy 3 General 3 Security Risks in the Supply Chain 4 Product Supplier Security 4 Service Supplier Security 5 5 Key Words 6 Copyright 2017 Health and Social Care Information Centre. 2
3 1 Purpose The purpose of this Supply Chain Security Example Policy is to provide exemplar guidance in line with HMG and private sector best practice for the implementation of an organisation wide Supply Chain Security Policy. This is in order to allow the reader to produce the necessary policies and guidance for their business area in line with the Department for Health, the wider NHS, health and social care and HMG requirements. 2 Scope The drafting of any policy governing Supply Chain Security in support of NHS or health and social care business functions. 3 Applicability This Example Policy is applicable to and designed for use by any NHS, health and social care or associated organisations that use or have access to NHS systems and/or information and data at any level. 4 Guidance This Example Policy provides guidance on the production of a Supply Chain Security Policy. The Example Policy is in italics with areas for insertion shown as <> and the rationale for each paragraph or section, where required, in [.]. Terminology Term SHALL SHOULD MAY Meaning/Application This term is used to state a Mandatory requirement of this policy This term is used to state a Recommended requirement of this policy This term is used to state an Optional requirement Policy General <Insert organisation name> shall identify Threats, Vulnerabilities and Risks within the supply chain by carrying out appropriate risk assessment and management. <Insert organisation name> shall implement relevant mitigations to counter identified Threats, Vulnerabilities and Risks within the supply chain. <Insert organisation name> shall that ensure that relevant staff are trained as appropriate in the security requirements of the supply chain. <Insert organisation name> shall ensure that security requirements, including Copyright 2017 Health and Social Care Information Centre. 3
4 security incident response, are included in every contract. <Insert organisation name> should ensure that the security aspects of all supplier contracts are closely managed and monitored. <Insert organisation name> shall ensure that once a supplier is accepted in the formal supply chain, the security team works with them to address any vulnerabilities and security gaps. <Insert organisation name> should ensure that any breach of security or security requirements by the supplier leads to an immediate termination of the contract. <Insert organisation name> shall ensure that legacy support for products at the end of life is assured and where required there is a continued supply of authorised updates and parts. <Insert organisation name> shall ensure that tight controls on access to systems, data and information by service suppliers are imposed. <Insert organisation name> shall ensure that access to software by suppliers is limited to a strict Need to Know (NTK). <Insert organisation name> shall ensure that access to hardware by suppliers is limited to a strict NTK. <Insert organisation name> shall ensure that access to control systems by suppliers is limited to a strict NTK. <Insert organisation name> shall ensure that all suppliers are authorised and escorted when on site. [This section should be used to provide clear direction that all normal security practices (including security management, security risk management, security incident management and security education and awareness related policies, standards, procedures and process) as mandated by the organisation will be followed when dealing with the supply chain.] Security Risks in the Supply Chain Supply chain security risks could include: Third party service providers such as maintenance or utility services, or hardware and software suppliers that could have physical or virtual access to systems and information without the NTK. Poor information security practices by lower-- tier suppliers. Compromised software or hardware purchased from suppliers. Software security vulnerabilities in supply chain management or supplier systems. Counterfeit hardware or hardware with embedded malware. Third party data storage and retention of data without authority. Product Supplier Security <Insert organisation name> shall ensure that controls are in place to manage and monitor production processes. <Insert organisation name> shall ensure that suppliers software and/or Copyright 2017 Health and Social Care Information Centre. 4
5 hardware design process is documented, repeatable and measurable. <Insert organisation name> shall ensure that the mitigation of known vulnerabilities is factored into the suppliers product design. <Insert organisation name> shall ensure that the supplier has and follows documented processes to stay current on emerging vulnerabilities and can demonstrate capabilities to address new zero day vulnerabilities. <Insert organisation name> shall ensure that the supplier performs adequate levels of virus and malware protection and detection. <Insert organisation name> shall ensure that component purchases are as ordered, of the required quality, are not counterfeit or have been tampered with. <Insert organisation name> should ensure that source code is obtained for all purchased bespoke software. <Insert organisation name> shall establish the origin of all parts, components and systems. <Insert organisation name> shall ensure that the supplier has adequate controls in place to perform configuration management, quality assurance and processes to test code quality or vulnerabilities. <Insert organisation name> should ensure that suppliers adequately tamper proof their products. <Insert organisation name> shall ensure that suppliers distribution processes are secure. <Insert organisation name> shall ensure that the supplier assures security through product life-- cycle. [The examples provided in this section should be tailored dependant on the size and structure of the organisation and the type of products procured by the organisation through the supplier chain.] Service Supplier Security <Insert organisation name> shall ensure that suppliers have appropriate physical and personnel security measures in place, for their premises, staff, products and working practices. <Insert organisation name> shall ensure that suppliers have adequate access controls; both system and physical, in place. This should include: The protection and storage of customer data. Data retention policy. Destruction of data at contract end. <Insert organisation name> shall ensure that adequate employee background checks are conducted by suppliers on their staff. <Insert organisation name> shall ensure that approved and authorised distribution channels are established and clearly documented. <Insert organisation name> shall ensure that adequate disposal processes are in place and documented. Copyright 2017 Health and Social Care Information Centre. 5
6 [The examples provided in this section should be tailored dependant on the size and structure of the organisation and the type of services procured by the organisation through the supplier chain.] 5 Key Words Access, Contract, Data, Disposal, Distribution, Hardware, Information, Malware, Product, Risks, Secure, Software, Source code, Supplier, Systems, Threats, Virus, Vulnerabilities Copyright 2017 Health and Social Care Information Centre. 6
Business Continuity. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0
Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationClear Desk and Screen
Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationVol. 2 Management RFP No. QTA0015THA A2-2
Manufacturing and Assembly: All MetTel manufacturing and assembly activities are focused on the reduction of supply chain risk. MetTel s SCRM Plan and the associated Systems Acquisition (SA) controls for
More informationGlobal Procurement: Our Sustainability Policy
Introduction National Grid has an ambition to transform the way we do business and provide a sustainable legacy as a result of our operations. National Grid has set targets across the business around being
More informationPROCEDURE (Essex) / Linked SOP (Kent) Information Sharing Agreements. Number: W 1014 Date Published: 23 June 2017
1.0 Summary of Changes 1.1 The following minor changes have been made to this procedure/sop on 23 June 2017: Paragraph 3.3.7 link created to Privacy Impact Assessment; Paragraph 3.4 Legal Services replaced
More informationSupplier Security Directives
Page 1 (8) Supplier Directives 1 Description This document (the Directives ) describes the security requirements applicable to Suppliers (as defined below) and other identified business partners to Telia
More informationInformation Governance Clauses Clinical and Non Clinical Contracts
Information Governance Clauses Clinical and Non Clinical Contracts Policy Number Target Audience Approving Committee Date Approved Last Review Date Next Review Date Policy Author Version Number IG014 All
More informationANTI-SLAVERY POLICY Version 2 January 2018
ANTI-SLAVERY POLICY Version 2 January 2018 Applicable to (Group/company/specific groups of staff /third parties) Produced by (Name/s and job title/s) All Group Companies and Staff External consultants
More informationHumber Information Sharing Charter
External Ref: HIG 01 Review date November 2016 Version No. V07 Internal Ref: NELC 16.60.01 Humber Information Sharing Charter This Charter may be an uncontrolled copy, please check the source of this document
More informationGENERIC QUALITY ASSURANCE REQUIREMENTS FOR: BUILT TO PRINT ITEMS, ITEMS TO STANDARD AND OFF THE SHELF ITEMS
GENERIC QUALITY ASSURANCE REQUIREMENTS FOR: BUILT TO PRINT ITEMS, ITEMS TO STANDARD AND OFF THE SHELF ITEMS APPLICABLE FOR: AIRBUS DEFENCE AND SPACE - SPACE BUSINESS UNIT ORBITAL ISSUE: 02c RELEASE DATE:
More informationInformation governance strategy
Information governance strategy January 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment V 1.0 Trevor Duplessis 22/01/18 Due for review Dec
More informationDirector s Draft Report
Office of Audit and Evaluation March 2, 2017 Director s Draft Report Protected B Table of contents Executive summary... i Introduction... 1 Focus of the audit... 2 Statement of conformance... 2 Observations...
More informationGROUP FRAUD RISK MANAGEMENT POLICY SUMMARY FOR THIRD PARTY SUPPLIERS
GROUP FRAUD RISK MANAGEMENT POLICY SUMMARY FOR THIRD PARTY SUPPLIERS RATIONALE Group Policy Rationale The definition of fraud used in this Policy is derived from the criminal definition in the Fraud Act
More informationASCDI ANTI-COUNTERFEIT SESSION NEIL VILL CHAIRMAN, ANTI-COUNTERFEIT COMMITTEE MARCH 24, 2011
ASCDI ANTI-COUNTERFEIT SESSION NEIL VILL CHAIRMAN, ANTI-COUNTERFEIT COMMITTEE MARCH 24, 2011 AGENDA Review of recent history Government and industry developments Legal aspects of counterfeit Manufacturers
More informationGENERAL ORDER NO 23 MANAGEMENT OF PERSONNEL RECORDS
Independent State of Papua New Guinea GENERAL ORDER NO 23 MANAGEMENT OF PERSONNEL RECORDS Being a General Order for the purpose of requiring agency heads to maintain organised and systematic personnel
More informationAnti-Slavery Policy. Anti-Slavery Policy UK
Anti-Slavery Policy UK Anti-Slavery Policy Robert Half reserves the right to cancel or to suspend this policy or its application at any time and whether in whole or in part. This policy does not create
More informationCITY UNIVERSITY OF HONG KONG
CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September 2015) PUBLIC Date of Issue:
More informationSir William Perkins s School Data Protection Policy
Sir William Perkins s School Data Protection Policy Introduction Sir William Perkins s School is a Charitable Company Limited by guarantee providing educational services for students of 11 to 18 years
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY Clinical Governance & Risk Management Department Warning Document uncontrolled when printed Policy Reference: RM 2.0 Date of Issue: TBC Prepared by: Risk Management Short Life Date
More informationUK Research and Innovation (UKRI) Records Management Policy
UK Research and Innovation (UKRI) Records Management Policy Contents Policy statement 1. Principles... 5 2. Records creation and maintenance... 5 3. Records retention and disposal... 6 4. Access to records...
More informationGovernance Committee Terms of Reference
Governance Committee Terms of Reference. Purpose The Governance Committee is responsible for: (i) (ii) (iii) (iv) (v) (vi) driving consistency in respect of governance and regulatory conduct matters across
More informationPercival Aviation Limited 15 Barnes Wallis Road, Segensworth, Hampshire, PO15 5TT, UK Tel: + 44 (0)
TABLE OF CONTENTS INTRODUCTION... 4 1. Purpose... 4 2. Scope... 4 3. References... 4 4 Terminology and Definitions... 5 4.1.1 Subcontractor... 5 4.1.2 Significant Subcontractor... 5 4.1.3 Manufacturers...
More informationOverarching Information Governance Policy
Document Information Board Library Reference Document Type Document Subject Original Document Author Reviewed By Review Cycle IM&T_01 Policy Information Information IGMG 3 Years Note: This document is
More informationNHS DIGITAL Records and Document Management Policy
Status Document Record ID Key Version Director Responsible for this policy Final v2.0 Version Date 10/04/2018 Catherine O Keeffe, Director of Information Governance, Burden and Audit Person to contact
More informationBank account takeover.
Bank account takeover. Also known as Mandate Fraud, bank account takeovers occur when a fraudster manages to change the bank account details for a supplier/contractor to your organisation in order to divert
More informationIntroducing ISO 22301
Introducing ISO 22301 1 2 Background How was the ISO22301 formed? Contributors 3 Context 4 Source documents included BS25999-2 NFPA 1600 ASIS OR standard Singapore standards ISO 27031 ISO Guide 73 ISOPAS22399
More informationThis document describes the minimum quality assurance requirements suppliers of RUAG Switzerland Ltd. have to comply with.
of 14.02.2013 Page 1 / 6 This document describes the minimum quality assurance requirements suppliers of RUAG Switzerland Ltd. have to comply with. This requirements are not terminal, but may be additional
More informationInsert Client Name Request for Proposal for Security Risk Assessment Services Consulting
Courtesy of the International Association of Professional Security Consultants Distribute your RFP at no cost at https://iapsc.org/rfp/ Insert Client Name Request for Proposal for Security Risk Assessment
More informationNo. Question from Bidder(s) OPCW Response 1 When looking to document Annex B paragraph 8:
No. Question from Bidder(s) OPCW Response 1 When looking to document Annex B paragraph 8: 8. Delivery, Installation and Training 8.1 The Licensor shall supply, install [and configure] a properly functioning
More informationStaff Briefing Session
Data Protection Act 1998 Privacy Impact Assessment (PIA) Compliance for Clinical Commissioning Groups Staff Briefing Session Overview PIA Requirement Annex one Privacy impact assessment screening questions
More informationEAM 3 / GUI 4 MAPPING BETWEEN ISO 9001:2000 AND ESARR 3
EUROPEAN ORGANISATION FOR THE SAFETY OF AIR NAVIGATION EUROCONTROL ESARR ADVISORY MATERIAL/GUIDANCE MATERIAL (EAM/GUI) EAM 3 / GUI 4 MAPPING BETWEEN ISO 9001:2000 AND ESARR 3 Edition : 1.0 Edition Date
More informationInformation Security Policy
Information Security Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 NHS Business Services Authority Information Security policy Head of Security
More informationOFFICIAL ONR GUIDE OVERSIGHT OF SUPPLIERS OF ITEMS OR SERVICES OF NUCLEAR SECURITY SIGNIFICANCE. Nuclear Security Technical Assessment Guide
Title of document ONR GUIDE OVERSIGHT OF SUPPLIERS OF ITEMS OR SERVICES OF NUCLEAR SECURITY SIGNIFICANCE Document Type: Unique Document ID and Revision No: Nuclear Security Technical Assessment Guide CNS-TAST-GD-4.3
More informationCENTURYLINK DRAFT SUPPLY CHAIN RISK MANAGEMENT (SCRM) PLAN
Enterprise Infrastructure Solutions Volume 2 Management Volume Draft SCRM Plan CENTURYLINK DRAFT SUPPLY CHAIN RISK MANAGEMENT (SCRM) PLAN DRAFT CDRL 77 November 4, 2016 Qwest Government Services, Inc.
More informationINTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 210
l ISA (NZ) 210 Issued 07/11 Compiled 07311//13 INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 210 Agreeing the Terms of Audit Engagements (ISA (NZ) 210) This compilation was prepared in March JulyNovember
More informationSarbanes-Oxley Compliance Kit
Kit February 2018 This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The purchaser of this template has acquired the rights to use it for a SINGLE Disaster Recovery
More informationManagement Response and Action Plan
Management Response and Action Plan A - For inclusion in the report The findings and recommendations of the audit of IT Asset Management were presented to the Corporate Management Sector (CMS) and Chief
More informationANNEX 2 Security Management Plan
ANNEX 2 Page 1 of 24 The following pages define our draft security management plan (a complete and up to date shall be submitted to The Authority within 20 days of contract award as per Schedule 2.4, para
More informationRISK MANAGEMENT REPORT
RISK MANAGEMENT REPORT A RCL FOODS RISK MANAGEMENT REPORT 2016 RISK MANAGEMENT REPORT FRAMEWORK Risk management is considered by the Board to be a key business discipline, designed to balance risk and
More informationGeneral Data Protection Regulation (GDPR) Readiness
For External Distribution Canada Life UK General Data Protection Regulation (GDPR) Readiness Customers, Clients and Business Partners FAQ GDPR TP FAQ January 2018 Frequently Asked Questions (FAQ) Document
More information1 P a g e. IT Tailored to Your Needs
1 P a g e IT Tailored to Your Needs Bluescope Technologies is a leading provider of IT services to businesses of all sizes in a wide range of industries. Bluescope s headquarters are situated in Limerick,
More informationGeneral Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR
General Data Protection Regulation Philippe Roggeband Business Development, Manager, GSSO EMEAR Why should you care? Data Protection, and compliance with the General Data Protection regulation, is NOT
More informationAnti Money Laundering (AML) Advisory Services Effective solutions for complex issues Deloitte Malta, 2017
Anti Money Laundering (AML) Advisory Effective solutions for complex issues Deloitte Malta, 2017 Contents Increased focus on Anti Money Laundering and Combatting Financing of Terrorism (AML/CFT) 3 A summary
More informationExternal Supplier Control Obligations. Records Management
External Supplier Control Obligations Records Management Page 1 Governance and Roles and The Supplier must define and communicate roles and responsibilities for Records Records Management requires high-level
More informationRecords Management Policy
Records Management Policy Responsible Officer Author Business Planning & Resources Director Corporate Office Date effective from December 1999 Date last amended December 2015 Review date October 2018 1
More informationDoncaster Council Data Quality Strategy
Doncaster Council Data Quality Strategy 2016/17-2020/21 Better Data, Better Services Approving Body Date of Approval Date of Implementation Next Review Date Review Responsibility Version Doncaster Council
More informationOPEN SOURCE SOFTWARE Use within UK Government [Click here for the cover text]
e-government Unit OPEN SOURCE SOFTWARE Use within UK Government [Click here for the cover text] Version 2 28 October 2004 O G C Office of Government C ommerce Contents Introduction... 3 The Policy... 4
More informationRecords Management policy
Records Management policy University of London Records management UoL website link: http://www.london.ac.uk/955.html Email: Records.management@london.ac.uk 1 Contents 1 Introduction... 3 2 Governance...
More informationQUALITY ASSURANCE PROCEDURE: SUPPLIER QUALITY REQUIREMENTS
Originator: RCG Page 1 of 6 1. PURPOSE This document defines minimum quality requirements for suppliers of products or processes to Whelen Engineering Company, Inc. ( Whelen ), when the products or processes
More informationNATO STANDARD AQAP-2110 NATO QUALITY ASSURANCE REQUIREMENTS FOR DESIGN, DEVELOPMENT AND PRODUCTION
NATO STANDARD AQAP-2110 NATO QUALITY ASSURANCE REQUIREMENTS FOR DESIGN, DEVELOPMENT AND PRODUCTION Edition D Version 1 JUNE 2016 NORTH ATLANTIC TREATY ORGANIZATION ALLIED QUALITY ASSURANCE PUBLICATION
More informationQualification of Suppliers of Safety Critical Engineering Products and Services
Qualification of Suppliers of Safety Critical Engineering Products and Services Signatures removed from electronic version Submitted by George Clayton Nominated Responsible Manager Approved by Colin Boocock
More informationGUIDANCE NOTE 37 MEDICAL GASES DATA INTEGRITY
GUIDANCE NOTE 37 MEDICAL GASES DATA INTEGRITY 2017 GUIDANCE NOTE 37 MEDICAL GASES DATA INTEGRITY 2017 Copyright 2017 by British Compressed Gases Association. First printed 2017. All rights reserved. No
More informationOH&S MANAGEMENT SYSTEM CHECKLIST - AS 4801:2001 (STATUS A = Acceptable; N = Not Acceptable; N/A = Not Applicable)
OH&S MANAGEMENT SYSTEM CHECKLIST - AS 4801:2001 (STATUS A = Acceptable; N = Not Acceptable; N/A = Not Applicable) 4.1 General Requirements 4.2 OHS policy Has the organisation an established and maintained
More informationAS/NZS ISO and AS/NZS ISO Management systems for records. Presented by Judith Ellis
AS/NZS ISO 30300 and AS/NZS ISO 30301 Management systems for records Presented by Judith Ellis Framework for Good Recordkeeping Records are evidence of business Records system characteristics Records characteristics
More informationSERVICE EQUIPMENT DISPOSAL POLICY
SERVICE EQUIPMENT DISPOSAL POLICY Version 2.1 IT Equipment Disposal Policy COR/047/V2.01 December 2016 updated January 2018 Version 2.1 1 Subject and version number of document: Serial number: Service
More informationSpace Flight Configuration Management Requirements
LPR 8040.1 Effective Date: January 8, 2009 Expiration Date: January 8, 2014 Langley Research Center Flight Projects Directorate Space Flight Configuration Management Requirements National Aeronautics and
More informationAuditing Standard ASA 210 Agreeing the Terms of Audit Engagements
(June 2011) Auditing Standard ASA 210 Agreeing the Terms of Audit Engagements This compilation was prepared on 27 June 2011 taking into account amendments made by ASA 2011-1 Prepared by the Auditing and
More informationNATO STANDARD AQAP-2310 NATO QUALITY ASSURANCE REQUIREMENTS FOR AVIATION, SPACE AND DEFENCE SUPPLIERS
NATO STANDARD AQAP-2310 NATO QUALITY ASSURANCE REQUIREMENTS FOR AVIATION, SPACE AND DEFENCE SUPPLIERS Edition B Version 1 DECEMBER 2017 NORTH ATLANTIC TREATY ORGANIZATION ALLIED QUALITY ASSURANCE PUBLICATION
More informationType : Quality Procedure: Q - 023CLR Titre / Title: Flow Down of Additional Requirements Revised Date: May
SUPPLIER S MATRIX General Quality Requirements for Supplier: When Code is called out on PO, the following requirements apply: A. The supplier is responsible for meeting all requirements of specifications,
More informationAsset Management Policy
Asset Management Policy January 2018 Introduction Our Asset Management Policy was last published in 2014. It is being updated to reflect our commitment to regularly review and improve all of our Asset
More informationBusiness Resilience: Proactive measures for forward-looking enterprises
IBM Global Services Business Resilience: Proactive measures for forward-looking enterprises protect deflect predict adapt Working with IBM, you can develop and implement a flexible business resilience
More informationSmart Metering Implementation Programme
Smart Metering Implementation Programme Consultation on Smart Metering Rollout Strategy DCC response 19 th May 2015 DCC PUBLIC Page 1 of 14 1 Executive Summary 1.1 Introduction and background 1. DCC provides
More informationGovernance Committee Terms of Reference
Governance Committee Terms of Reference 1. Purpose The Governance Committee is responsible for: (i) (ii) (iii) (iv) (v) (vi) (vii) driving consistency in respect of governance and regulatory conduct matters
More informationWAMITAB Level 4 Certificate in Waste and Resource Management
WAMITAB Level 4 Certificate in Waste and Resource Management Guided Learning Hours: 30 Total Qualification time: 216 Total Credits: 22 Qualification Code: VRQ4 WAMITAB Code: 603/3581/6 VRQ406 (Physical
More informationDocument Type: Main Process: Revision Level: Page: POLICY QUALITY ASSURANCE 3 1 of 6 Process Owner Title:
POLICY QUALITY ASSURANCE 3 1 of 6 Process Owner A. SCOPE This document contains requirements for conducting business with Tri Star Metals, LLC and its customers. It is applicable to suppliers that provide
More informationTop 6 Things to Consider When Making the Transition to Microsoft Office 365
Whitepaper Portals & Collab Top 6 Things to Consider When Making the Transition to Microsoft Office 365 Avtex 3500 American Blvd W Suite 300 Bloomington, MN 55431 Telephone (952) 646-0800 www.avtex.com
More informationRecords Disposal Schedule Charles Darwin University Procurement Services Charles Darwin University
Records disposal schedule Records Disposal Schedule Charles Darwin University Procurement Services Charles Darwin University Disposal Schedule No. For information and advice, please contact Department
More information<Document Title> Partners and External Providers Policy
Partners and External Providers Policy 2018 DOCUMENT HISTORY DATE STATUS VERSION REASON NAME 18.04.2014 Draft 0.1 ISO27001 Internal Requirement ISO 27001 Support Team 13.05.2014 Published
More informationData Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:
Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: 1 Policy Statement Objective 1.1 It is the policy of Penderels Trust to demonstrate compliance
More informationStraight Answers on PCI and EMV
Straight Answers on PCI and EMV Gray Consulting November, 2015 Why We Are All Here This presentation is an attempt to demystify the challenges faced by the car wash industry, in dealing with secure, electronic
More informationBSc Business Administration BBA0110 Management Information Systems Examiner s Report Examination Date: October 2011
BSc Business Administration BBA0110 Management Information Systems Examiner s Report Examination Date: October 2011 Introduction This was a three hour paper where examinees were asked to answer three questions.
More informationInter-Agency Misconduct Disclosure Scheme
Inter-Agency Scheme for the Disclosure of Safeguarding-related Misconduct in Recruitment Processes within the Humanitarian and Development Sector Preamble The purpose of this scheme is to establish a minimum
More informationAgreeing the Terms of Audit Engagements
SINGAPORE STANDARD SSA 210 ON AUDITING Agreeing the Terms of Audit Engagements SSA 210, Agreeing the Terms of Audit Engagements superseded SSA 210, Terms of Audit Engagements in January 2010. The Companies
More informationEnterprise Content Management and Business Process Management
Enterprise Content Management and Business Process Management You Don t Have to Own IT to Control IT SM The changing business needs for Enterprise Content Management (ECM) and Business Process Management
More informationAmendment Record Purpose Scope Acronyms & Definitions Applicable Documents Requirements 7
SECTION PAGE Amendment Record 3 1. Purpose 4 2. Scope 4 3. Acronyms & Definitions 4 4. Applicable Documents 7 5. Requirements 7 6. Digital Product Sealed Data Plan (DPSDP) Content 8 7. Configuration Management
More informationVersion 7.4 & higher is Critical for all Customers Processing Credit Cards!
Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software met the latest credit card processing requirements with its release of Version 7.4 due to the recently
More informationModern Slavery & Human Trafficking Policy
Modern Slavery & Human Trafficking Policy Modern Slavery Statement & Policy Quadra Concepts (UK) Limited has over 22 years experience in the design, build and manufacture of specialist AV Furniture solutions.
More informationContinuous Diagnostic and Mitigation and Continuous Monitoring as a Service. CMaaS TASK AREAS
Continuous Diagnostic and Mitigation and Continuous Monitoring as a Service CMaaS TASK AREAS CMaaS TASK AREAS The contractor shall provide functional, strategic, and managerial business consulting and
More informationSpace Product Assurance
EUROPEAN COOPERATION FOR SPACE STANDARDIZATION Space Product Assurance Software Product Assurance Secretariat ESA ESTEC Requirements & Standards Division Noordwijk, The Netherlands Published by: Price:
More informationCOMPUTERISED SYSTEMS
ANNEX 11 COMPUTERISED SYSTEMS PRINCIPLE This annex applies to all forms of computerised systems used as part of a GMP regulated activities. A computerised system is a set of software and hardware components
More information<Full Name> Quality Manual. Conforms to ISO 9001:2015. Revision Date Record of Changes Approved By
Conforms to ISO 9001:2015 Revision history Revision Date Record of Changes Approved By 0.0 [Date of Issue] Initial Issue Control of hardcopy versions The digital version of this document is
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC/ IEEE 12207 First edition 2017-11 Systems and software engineering Software life cycle processes Ingénierie des systèmes et du logiciel Processus du cycle de vie du logiciel
More informationDate: INFORMATION GOVERNANCE POLICY
Date: INFORMATION GOVERNANCE POLICY Information Governance Policy IGPOL/01 Information Systems Corporate Services Division March 2017 1 Revision History Version Date Author(s) Comments 0.1 12/12/2012 Helen
More informationISO/IEC Information technology Systems and software engineering Application management
INTERNATIONAL STANDARD ISO/IEC 16350 First edition 2015-08-01 Information technology Systems and software engineering Application management Technologies de l information Gestion d application Exigences
More information1.1 Contributes to the Trust s Organisational Development strategy to improve overall organisational performance and effectiveness
JOB TITLE: OD Practitioner BAND: AFC 7 BASE: RESPONSIBLE TO: ACCOUNTABLE TO: XX OD Consultant (OD Lead) Director of OD and L&D JOB SUMMARY The Organisational Development Practitioner is responsible for
More information1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General
1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General The organization s management with executive The commitment and involvement of the responsibility shall define, document
More informationPurchase Order Quality Clause SCC20 Revision E, Effective 1/20/2015
Clause A - Quality System Requirements All references to the term Government in any of the documents referenced below shall be replaced with the term Curtiss-Wright and/or the Government. All references
More informationEnvironment & Sustainability Policy
Introduction A process whereby organisations meet their needs for goods, services, works and utilities in a way that achieves value for money on a whole life basis and generates benefits not only to the
More informationInformation, Privacy and Archives Division. Government of Ontario Function-Based Common Records Series: Information Technology
Information, Privacy and Archives Division Government of Ontario Function-Based Common Records Series: Information Technology December 2014 December 2014 Page 2 of 22 INFORMATION TECHNOLOGY FUNCTION ACRONYM:
More informationApproved by Board: 22/06/2016. Records Management Policy
Approved by Board: 22/06/2016 Records Management Policy 1. Introduction 1.1 The information that University records contain serves as evidence of functions executed and activities performed. University
More informationNational Aeronautics and Space Administration
National Aeronautics and Space Administration Dryden Flight Research Center Procurement Quality Assurance has developed a comprehensive process that outlines our suppliers capabilities and exposes their
More informationCODE I: Senior Management Commitment and Risk Management
Each member company shall have an active program designed to continuously improve safety and reduce incidents. This Code does not impose upon member companies any obligation to guarantee compliance by
More informationClause "A" Subcontractor Controls, General Requirements (Applicable when Clause "A" is invoked in the Purchase Order "Remarks")
Clause "A" Subcontractor Controls, General Requirements (Applicable when Clause "A" is invoked in the Purchase Order "Remarks") (1) Any non-destructive testing defined within this Seyer Industries Purchase
More informationPCI Information Session. May NCSU PCI Team
PCI Information Session May 2014 - NCSU PCI Team Agenda PCI compliance process Security Training Why compliance is important PCI DSS update from NCSU ISA 2014 attestation process Questions PCI Compliance
More informationPersonal Mobile Device Acceptable Use Policy Training Slideshow
Practical IT Research that Drives Measurable Results Personal Mobile Device Acceptable Use Policy Training Slideshow Info-Tech Research Group 1 Instructions for Using This Slideshow Replace [company] with
More informationTop 5 Reasons Your Business Needs the Cloud
Top 5 Reasons Your Business Needs the Cloud Featuring: Michael Goeke, Epicor Eric Smith, Modern Distribution Management Sponsored by: May 24, 2016 Agenda Introduction Business priorities for distributors
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationSupplier Quality Assurance Requirements
1 Scope No. 1.1 This document details the requirements to be satisfied by suppliers to Tekdata Interconnections Ltd (TIL). TIL requires each supplier and their sub-tier suppliers to comply with the quality
More informationNATO STANDARD AQAP-2110 NATO QUALITY ASSURANCE REQUIREMENTS FOR DESIGN, DEVELOPMENT AND PRODUCTION
NATO STANDARD AQAP-2110 NATO QUALITY ASSURANCE REQUIREMENTS FOR DESIGN, DEVELOPMENT AND PRODUCTION Edition D Version 1 JUNE 2016 NORTH ATLANTIC TREATY ORGANIZATION ALLIED QUALITY ASSURANCE PUBLICATION
More information